Skip to main content

Linux Kernel ksmbd EUVDEUVD-2026-19194

| CVE-2026-31410 MEDIUM
2026-04-06 Linux GHSA-5hjj-hhq3-52wj
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 20, 2026 - 16:23 vuln.today
CVSS changed
May 20, 2026 - 16:22 NVD
5.5 (MEDIUM)
Patch available
Apr 16, 2026 - 05:29 EUVD
3d80ebe6d1b7bc9ad20fd9b0c1a0c56d804f8a0a,3a64125730cabc34fccfbc230c2667c2e14f7308
EUVD ID Assigned
Apr 06, 2026 - 08:15 euvd
EUVD-2026-19194
CVE Published
Apr 06, 2026 - 07:38 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION

Use sb->s_uuid for a proper volume identifier as the primary choice. For filesystems that do not provide a UUID, fall back to stfs.f_fsid obtained from vfs_statfs().

AnalysisAI

Denial-of-service in the Linux kernel's ksmbd SMB server component stems from improper handling of volume identifiers in FS_OBJECT_ID_INFORMATION responses. Affected kernels fail to correctly use the superblock UUID (sb->s_uuid) as the volume identifier, and lack a safe fallback (via vfs_statfs()) for filesystems that do not expose a UUID - creating conditions for a kernel availability impact when a local low-privileged user interacts with an affected SMB share. EPSS is 0.01% (1st percentile) and no active exploitation is confirmed in CISA KEV; no public exploit code has been identified at time of analysis.

Technical ContextAI

The affected component is ksmbd, the in-kernel SMB3 server introduced in Linux 5.15. The FS_OBJECT_ID_INFORMATION structure is part of the SMB2/3 protocol response for querying filesystem object identity metadata. The bug lies in ksmbd's implementation of this query: rather than using the superblock's UUID (sb->s_uuid) as the canonical volume identifier, the pre-fix code did not properly resolve the identifier, particularly for filesystems that do not populate s_uuid. The corrected code uses sb->s_uuid as the primary source and falls back to stfs.f_fsid obtained from vfs_statfs() for filesystems without a UUID. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates a local attack surface with high availability impact. No CWE was assigned; the root cause class most closely resembles CWE-476 (NULL Pointer Dereference) or CWE-665 (Improper Initialization), inferred from the nature of the UUID fallback logic and the A:H impact without confidentiality loss. CPE data confirms the affected product as cpe:2.3:a:linux:linux.

RemediationAI

Vendor-released patches are available across multiple stable kernel branches: upgrade to Linux 6.12.78, 6.18.20, 6.19.10, or 7.0-rc5 or later. Upstream fix commits are available at https://git.kernel.org/stable/c/c283a6ffe6d5d6e5594d991286b9ce15951572e1, https://git.kernel.org/stable/c/ce00616bc1df675bfdacc968f2bf7c51f4669227, https://git.kernel.org/stable/c/3d80ebe6d1b7bc9ad20fd9b0c1a0c56d804f8a0a, and https://git.kernel.org/stable/c/3a64125730cabc34fccfbc230c2667c2e14f7308. If immediate kernel upgrade is not feasible, a compensating control is to disable or unload the ksmbd kernel module (rmmod ksmbd) and migrate SMB serving duties to Samba (smbd in userspace), eliminating kernel-level exposure entirely - note this requires Samba to be configured and will cause a service interruption. Restricting local user access to the server (least-privilege principle, preventing untrusted local users) reduces exposure given the AV:L requirement but does not eliminate the vulnerability.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-19194 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy