Security News

Cybersecurity news aggregator

Severity: HIGH | Category: Vulnerabilities | Source: Microsoft Security Response Center

CVE-2026-31706 ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl()

A vulnerability in the ksmbd SMB server module (CVE-2026-31706, CVSS 8.8 HIGH) involves improper validation of the `num_aces` field and insufficient hardening when walking Access Control Entries (ACEs) in the `smb_inherit_dacl()` function. Affected Linux kernel versions are 5.15 through 6.12.83, 6.13 through 6.18.24, and 6.19 through 7.0.1. The vulnerability is fixed in kernel versions 6.12.84, 6.18.25, and 7.0.2.