Skip to main content

Linux Kernel EUVDEUVD-2026-26367

| CVE-2026-31693 HIGH
Use of Uninitialized Resource (CWE-908)
2026-04-30 Linux
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 03, 2026 - 09:30 vuln.today
CVSS changed
May 03, 2026 - 07:22 NVD
7.8 (HIGH)
Patch released
May 03, 2026 - 07:16 nvd
Patch available
Patch available
Apr 30, 2026 - 13:01 EUVD
EUVD ID Assigned
Apr 30, 2026 - 12:15 euvd
EUVD-2026-26367
Analysis Generated
Apr 30, 2026 - 12:15 vuln.today
CVE Published
Apr 30, 2026 - 11:47 nvd
HIGH 7.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

cifs: some missing initializations on replay

In several places in the code, we have a label to signify the start of the code where a request can be replayed if necessary. However, some of these places were missing the necessary reinitializations of certain local variables before replay.

This change makes sure that these variables get initialized after the label.

AnalysisAI

Uninitialized variable use in Linux kernel CIFS replay logic allows local authenticated attackers to potentially access sensitive kernel memory, corrupt data, or trigger denial of service. The vulnerability exists in CIFS request replay code paths where certain local variables lack proper reinitialization after replay labels, potentially causing undefined behavior during SMB session recovery operations. Patches available for kernel versions 6.6.128, 6.12.75, 6.18.16, 6.19.6, and 7.0. EPSS score of 0.02% indicates minimal observed exploitation activity, consistent with the local access requirement and specialized triggering conditions.

Technical ContextAI

This vulnerability affects the Linux kernel's CIFS (Common Internet File System) client implementation, specifically in code paths handling SMB request replay functionality. SMB replay is a recovery mechanism used when network connections are interrupted or sessions need to be re-established. The affected code uses labels to mark points where request processing can restart if replay is necessary, but fails to reinitialize local variables after these labels. In C programming, uninitialized variables contain arbitrary memory contents from previous stack frames, leading to undefined behavior. When these uninitialized values are used in security-sensitive operations like memory addressing, access control checks, or data copying, they can cause information disclosure through kernel memory leaks, integrity violations through corrupted writes, or availability issues through crashes. The vulnerability is rooted in improper resource initialization during error handling and recovery paths, a common pattern in complex state machines like network protocol implementations.

RemediationAI

Upgrade to patched Linux kernel versions: 6.6.128 or later for 6.6.x series, 6.12.75 or later for 6.12.x series, 6.18.16 or later for 6.18.x series, 6.19.6 or later for 6.19.x series, or upgrade to mainline 7.0 when released. Upstream fixes are confirmed in git commits c854ab481ece (6.6 stable), 1d731e512134 (6.12 stable), 7c9ce68192ee (6.18 stable), c99e160938b6 (6.19 stable), and 14f66f446463 (mainline), available at git.kernel.org/stable. For systems requiring temporary mitigation before patching, consider unmounting CIFS shares if business operations permit, though this eliminates functionality rather than reducing risk. Alternatively, restrict local user access to systems with active CIFS mounts using stricter authentication policies and user account controls, recognizing this reduces likelihood but doesn't eliminate the vulnerability. Note that disabling CIFS kernel module (blacklisting cifs.ko) prevents exploitation but also breaks all SMB/CIFS mounting functionality. Network-level controls are ineffective since this is a local privilege issue, not a network-based attack. No performance or stability side effects expected from kernel patches, but test in non-production environments first per standard kernel update procedures.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-26367 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy