9.8

CVE-2026-31478

ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()

After this commit (e2b76ab8b5c9 "ksmbd: add support for read compound"),
response buffer management was changed to use dynamic iov array.
In the new design, smb2_calc_max_out_buf_len() expects the second
argument (hdr2_len) to be the offset of ->Buffer field in the
response structure, not a hardcoded magic number.
Fix the remaining call sites to use the correct offsetof() value.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.15.145 < 5.15.203
LinuxLinux Kernel Version >= 6.1.71 < 6.1.168
LinuxLinux Kernel Version >= 6.6.1 < 6.6.131
LinuxLinux Kernel Version >= 6.7 < 6.12.80
LinuxLinux Kernel Version >= 6.13 < 6.18.21
LinuxLinux Kernel Version >= 6.19 < 6.19.11
LinuxLinux Kernel Version6.6 Update-
LinuxLinux Kernel Version7.0 Updaterc1
LinuxLinux Kernel Version7.0 Updaterc2
LinuxLinux Kernel Version7.0 Updaterc3
LinuxLinux Kernel Version7.0 Updaterc4
LinuxLinux Kernel Version7.0 Updaterc5
LinuxLinux Kernel Version7.0 Updaterc6
LinuxLinux Kernel Version7.0 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.5% 0.389
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/0e55f63dd08f09651d39e1b709a91705a8a0ddcb
Patch
https://git.kernel.org/stable/c/4cb537ae4f37d7d0f617815ed4bed7173fb50861
Patch
https://git.kernel.org/stable/c/6aef1765d6807e0f027cd87f6ac973eb0879a46d
Patch
https://git.kernel.org/stable/c/70b4c414889492c522b6e4331562360f49be2361
Patch
https://git.kernel.org/stable/c/80824c7e527b70cf9039534e60aff592e8f209d1
Patch
https://git.kernel.org/stable/c/9a7166f0ef8cbb7bb48dd05e2471d995566003f5
Patch
https://git.kernel.org/stable/c/c3a89e3ec1ccf64fa6a34e391e1581ebbcba8683
Patch