CVE-2026-31704

Source
https://cve.org/CVERecord?id=CVE-2026-31704
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31704.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-31704
Downstream
Related
Published
2026-05-01T13:56:03.243Z
Modified
2026-06-18T03:55:46.328503302Z
Summary
ksmbd: use check_add_overflow() to prevent u16 DACL size overflow
Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: use checkaddoverflow() to prevent u16 DACL size overflow

setposixaclentriesdacl() and setntacldacl() accumulate ACE sizes in u16 variables. When a file has many POSIX ACL entries, the accumulated size can wrap past 65535, causing the pointer arithmetic (char *)pndace + *size to land within already-written ACEs. Subsequent writes then overwrite earlier entries, and pndacl->size gets a truncated value.

Use checkaddoverflow() at each accumulation point to detect the wrap before it corrupts the buffer, consistent with existing checkmuloverflow() usage elsewhere in smbacl.c.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31704.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9
Fixed
41e53a773db6342ac9a689ee5ba635c31744c9f0
Fixed
8d5729350b236896f51379588d9a690b7fafb8db
Fixed
e1955a94b6f17f4b058afa955a6f187eb3ed7615
Fixed
5e7b8f3c539d69b2ed5f2408e2f75e68ce7eef43
Fixed
ef7902be3f215b6bf7babe4dc9dd9a7d57dad7a7
Fixed
299f962c0b02d048fb45d248b4da493d03f3175d

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31704.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.0
Fixed
6.1.175
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.136
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.84
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.25
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.2

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31704.json"