CVE-2026-31433

A flaw was found in the ksmbd module of the Linux kernel. A remote attacker can exploit this vulnerability by sending a specially crafted compound request, specifically a combination of QUERY_DIRECTORY and QUERY_INFO. Due to a missing validation check for the client-provided output buffer length, an out-of-bounds write can occur when processing filenames. This can lead to memory corruption, potentially causing a denial of service or other unpredictable system behavior.