SB20260502143 - Integer overflow in Linux kernel smb server
Published: May 2, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Integer overflow (CVE-ID: CVE-2026-31707)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to integer overflow in ipc_validate_msg() when validating daemon response messages. A local user can supply a specially crafted daemon response with a wrapped size value to cause a denial of service.
The issue affects multiple response types, including RPC request, share config request, and extended login request handling, and negative ngroups values can influence size computation.
Remediation
Install update from vendor's website.