CVE-2026-31612
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/04/2026
Last modified:
29/04/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
ksmbd: validate EaNameLength in smb2_get_ea()<br />
<br />
smb2_get_ea() reads ea_req->EaNameLength from the client request and<br />
passes it directly to strncmp() as the comparison length without<br />
verifying that the length of the name really is the size of the input<br />
buffer received.<br />
<br />
Fix this up by properly checking the size of the name based on the value<br />
received and the overall size of the request, to prevent a later<br />
strncmp() call to use the length as a "trusted" size of the buffer.<br />
Without this check, uninitialized heap values might be slowly leaked to<br />
the client.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.15 (including) | 6.6.136 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.83 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.18.24 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 6.19.14 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 7.0 (including) | 7.0.1 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/243b206bcb5a7137e8bddd57b2eec81e1ebd3859
- https://git.kernel.org/stable/c/3363a770b193f555f29d76ddf4ced3305c0ccf6d
- https://git.kernel.org/stable/c/4b73376feecb3b61172fe5b4ff42bbbb8531669d
- https://git.kernel.org/stable/c/551dfb15b182abad4600eaf7b37e6eb7000d5b1b
- https://git.kernel.org/stable/c/66751841212c2cc196577453c37f7774ff363f02
- https://git.kernel.org/stable/c/dfc6878d14acafffbe670bf2576620757a10a3d8