{"id":"CVE-2026-31612","summary":"ksmbd: validate EaNameLength in smb2_get_ea()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate EaNameLength in smb2_get_ea()\n\nsmb2_get_ea() reads ea_req-\u003eEaNameLength from the client request and\npasses it directly to strncmp() as the comparison length without\nverifying that the length of the name really is the size of the input\nbuffer received.\n\nFix this up by properly checking the size of the name based on the value\nreceived and the overall size of the request, to prevent a later\nstrncmp() call to use the length as a \"trusted\" size of the buffer.\nWithout this check, uninitialized heap values might be slowly leaked to\nthe client.","modified":"2026-05-18T05:59:52.627709107Z","published":"2026-04-24T14:42:32.760Z","related":["CGA-85j3-3m3j-4g56","openSUSE-SU-2026:10703-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31612.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/243b206bcb5a7137e8bddd57b2eec81e1ebd3859"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3363a770b193f555f29d76ddf4ced3305c0ccf6d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4b73376feecb3b61172fe5b4ff42bbbb8531669d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/551dfb15b182abad4600eaf7b37e6eb7000d5b1b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/66751841212c2cc196577453c37f7774ff363f02"},{"type":"WEB","url":"https://git.kernel.org/stable/c/dfc6878d14acafffbe670bf2576620757a10a3d8"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31612.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31612"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9"},{"fixed":"4b73376feecb3b61172fe5b4ff42bbbb8531669d"},{"fixed":"551dfb15b182abad4600eaf7b37e6eb7000d5b1b"},{"fixed":"3363a770b193f555f29d76ddf4ced3305c0ccf6d"},{"fixed":"243b206bcb5a7137e8bddd57b2eec81e1ebd3859"},{"fixed":"dfc6878d14acafffbe670bf2576620757a10a3d8"},{"fixed":"66751841212c2cc196577453c37f7774ff363f02"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31612.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.15.0"},{"fixed":"6.6.136"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.83"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.24"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.14"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.20.0"},{"fixed":"7.0.1"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31612.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}