{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31410", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.087Z", "datePublished": "2026-04-06T07:38:21.876Z", "dateUpdated": "2026-05-11T22:08:10.290Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:08:10.290Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION\n\nUse sb->s_uuid for a proper volume identifier as the primary choice.\nFor filesystems that do not provide a UUID, fall back to stfs.f_fsid\nobtained from vfs_statfs()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/server/smb2pdu.c"], "versions": [{"version": "e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9", "lessThan": "ce00616bc1df675bfdacc968f2bf7c51f4669227", "status": "affected", "versionType": "git"}, {"version": "e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9", "lessThan": "3d80ebe6d1b7bc9ad20fd9b0c1a0c56d804f8a0a", "status": "affected", "versionType": "git"}, {"version": "e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9", "lessThan": "c283a6ffe6d5d6e5594d991286b9ce15951572e1", "status": "affected", "versionType": "git"}, {"version": "e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9", "lessThan": "3a64125730cabc34fccfbc230c2667c2e14f7308", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/server/smb2pdu.c"], "versions": [{"version": "5.15", "status": "affected"}, {"version": "0", "lessThan": "5.15", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.78", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.20", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.10", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.12.78"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.18.20"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.19.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/ce00616bc1df675bfdacc968f2bf7c51f4669227"}, {"url": "https://git.kernel.org/stable/c/3d80ebe6d1b7bc9ad20fd9b0c1a0c56d804f8a0a"}, {"url": "https://git.kernel.org/stable/c/c283a6ffe6d5d6e5594d991286b9ce15951572e1"}, {"url": "https://git.kernel.org/stable/c/3a64125730cabc34fccfbc230c2667c2e14f7308"}], "title": "ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION\n\nUse sb->s_uuid for a proper volume identifier as the primary choice.\nFor filesystems that do not provide a UUID, fall back to stfs.f_fsid\nobtained from vfs_statfs()."}], "id": "CVE-2026-31410", "lastModified": "2026-04-07T13:20:35.010", "metrics": {}, "published": "2026-04-06T08:16:39.117", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3a64125730cabc34fccfbc230c2667c2e14f7308"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3d80ebe6d1b7bc9ad20fd9b0c1a0c56d804f8a0a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c283a6ffe6d5d6e5594d991286b9ce15951572e1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ce00616bc1df675bfdacc968f2bf7c51f4669227"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION", "id": "2455339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455339"}, "csaw": false, "cwe": "CWE-166", "details": ["A flaw was found in ksmbd in the Linux kernel. This vulnerability occurs because ksmbd incorrectly uses a fallback identifier when a volume's Universal Unique Identifier (UUID) is not available in FS_OBJECT_ID_INFORMATION. This could lead to improper volume identification."], "name": "CVE-2026-31410", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31410\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31410\nhttps://lore.kernel.org/linux-cve-announce/2026040629-CVE-2026-31410-5b44@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,ce00616bc1df675bfdacc968f2bf7c51f4669227)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,3d80ebe6d1b7bc9ad20fd9b0c1a0c56d804f8a0a)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,c283a6ffe6d5d6e5594d991286b9ce15951572e1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,3a64125730cabc34fccfbc230c2667c2e14f7308)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.78,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.20,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.10,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc5,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-07T09:54:45.258273+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to the latest stable release that includes the ksmbd volume UUID fix.", "Verify that your distribution\u2019s kernel package reflects the patch commit referenced in the advisory.", "If you cannot upgrade immediately, restrict SMB traffic to trusted hosts and monitor for any anomalous share names.", "Apply any additional vendor-specific mitigations if provided in future advisories."], "summary": {"action": "Immediate Patch", "impact": "Potential SMB share misidentification due to incorrect volume ID usage"}, "threat_synthesis": {"affected_systems": "All Linux systems running a kernel version that has not incorporated the patch referenced by commit identification data. The fix is incorporated in Linux kernel releases after the commits listed in the references, covering all mainstream Linux distributions that ship the kernel. No specific version string was supplied, so administrators should verify that their installed kernel includes the changes.", "description_and_impact": "The vulnerability in the Linux kernel stems from the ksmbd service incorrectly handling volume identifiers in FS_OBJECT_ID_INFORMATION. Rather than reliably using the filesystem's UUID, it may fall back to the filesystem's fsid from vfs_statfs(), which can be ambiguous or improperly formatted. This flaw can cause SMB shares to be exposed with incorrect or duplicate identifiers, potentially leading to confusion over which share a client accesses or allowing an attacker to infer information about the underlying filesystem. The flaw is limited to the volume identification logic used by ksmbd and does not appear to provide a direct exploit vector for code execution or privilege escalation.", "risk_and_exploitability": "The EPSS score is below 1\u202f% and the vulnerability is not present in the CISA KEV catalog, indicating a low probability of exploitation. No publicly documented exploits exist, and the CVSS score was not provided. Attack feasibility would likely require an adversary who can interact with ksmbd over SMB and manipulate volume identifiers, which typically necessitates local or network-level access to the target system. As a result, the risk is considered moderate at most, with the primary concern being inadvertent exposure or mislabeling of shares rather than direct compromise."}}}}, "created": "2026-04-06T20:14:52.273059+00:00", "updated": "2026-04-08T19:52:35.010919+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}