7 matches found
CVE-2026-31705
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bounds write in smb2getea EA alignment smb2getea applies 4-byte alignment padding via memset after writing each EA entry. The bounds check on buffreelen is performed before the value memcpy, but the alignment...
CVE-2026-31705
The CVE-2026-31705 issue affects the ksmbd component of the Linux kernel, where an out-of-bounds write occurs in smb2_get_ea() during EA alignment padding. After writing each EA entry, a 4-byte alignment padding is applied with memset() unconditionally, potentially overwriting adjacent kernel hea...
CVE-2026-31705
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bounds write in smb2getea EA alignment smb2getea applies 4-byte alignment padding via memset after writing each EA entry. The bounds check on buffreelen is performed before the value memcpy, but the alignment...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the smb2getea function’s memset operation, where the remaining space after the EA alignment is no...
CVE-2026-31612
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate EaNameLength in smb2getea smb2getea reads eareq-EaNameLength from the client request and passes it directly to strncmp as the comparison length without verifying that the length of the name really is the size of t...
CVE-2026-31612 ksmbd: validate EaNameLength in smb2_get_ea()
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate EaNameLength in smb2getea smb2getea reads eareq-EaNameLength from the client request and passes it directly to strncmp as the comparison length without verifying that the length of the name really is the size of t...
PT-2026-34964
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the ksmbd module, the smb2 get ea function reads the EaNameLength variable from a client request and passes it to strncmp as the comparison length without verifying if the name length...