Ksmbd

CVE-2026-31704 is a vulnerability in ksmbd related to the use of check_add_overflow() to prevent a u16 DACL size overflow, potentially leading to denial of service or privilege escalation.

Microsoft published information about CVE-2026-43490, a vulnerability in ksmbd related to the validation of inherited ACE SID length.

CVE-2026-31706 is a vulnerability in ksmbd related to improper validation of num_aces and insufficient hardening of the ACE walk in smb_inherit_dacl(), potentially leading to unauthorized access or privilege escalation.

CVE-2026-31718 is a use-after-free vulnerability in the ksmbd kernel module, specifically in the __ksmbd_close_fd() function, which can be triggered via the durable scavenger mechanism, potentially leading to arbitrary code execution.

CVE-2026-31478 is a vulnerability in Microsoft's ksmbd implementation related to incorrect calculation of maximum output buffer length, potentially leading to a denial-of-service or remote code execution.

CVE-2026-31611 is a vulnerability in ksmbd, requiring at least three sub-authorities before reading sub_auth[2], potentially leading to unauthorized access or code execution.

CVE-2026-31432 is a critical out-of-bounds write vulnerability in ksmbd, specifically within the QUERY_INFO functionality when handling compound requests, potentially leading to code execution or denial of service.