SB20260502143 - Integer overflow in Linux kernel smb server



SB20260502143 - Integer overflow in Linux kernel smb server

Published: May 2, 2026

Security Bulletin ID SB20260502143
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Integer overflow (CVE-ID: CVE-2026-31707)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to integer overflow in ipc_validate_msg() when validating daemon response messages. A local user can supply a specially crafted daemon response with a wrapped size value to cause a denial of service.

The issue affects multiple response types, including RPC request, share config request, and extended login request handling, and negative ngroups values can influence size computation.


Remediation

Install update from vendor's website.