CVE-2026-31613 - Vulnerability Analysis
High | CVSS: 8.1 | Last Updated: April 27, 2026
Linux Kernel SMB client - Out-of-Bounds Read
Published: April 24, 2026 | Updated: April 27, 2026 | Remote Exploitable
Overview
The Linux kernel SMB client contains an out-of-bounds read vulnerability caused by improper length validation when parsing symlink error responses in smb2_check_message and smb2_parse_symlink_response. An untrusted SMB server can cause memory reads beyond buffer limits. Exploitation requires interaction with a malicious SMB server.
Severity & Score
Severity: High
CVSS Score: 8.1
Impact
An attacker controlling an SMB server can cause out-of-bounds reads, potentially leaking kernel memory contents to userspace.
Mitigation
Update to the latest Linux kernel version containing the fix for this vulnerability.
Details
- CVE ID: CVE-2026-31613
- Severity: High
- CVSS Score: 8.1
- Type: out_of_bounds_rw
- Status: unconfirmed
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H