[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 1 16:35:00 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ed25dbd4 by Salvatore Bonaccorso at 2026-05-01T17:33:17+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,115 @@
+CVE-2026-31710 [smb: client: fix dir separator in SMB1 UNIX mounts]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c4d3fc5844d685441befd0caaab648321013cdfd (7.1-rc1)
+CVE-2026-31719 [crypto: krb5enc - fix async decrypt skipping hash verification]
+	- linux 7.0.3-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3bfbf5f0a99c991769ec562721285df7ab69240b (7.1-rc1)
+CVE-2026-31718 [ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger]
+	- linux 7.0.3-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/235e32320a470fcd3998fb3774f2290a0eb302a1 (7.1-rc1)
+CVE-2026-31717 [ksmbd: validate owner of durable handle on reconnect]
+	- linux 7.0.3-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/49110a8ce654bbe56bef7c5e44cce31f4b102b8a (7.1-rc1)
+CVE-2026-31716 [fs/ntfs3: validate rec->used in journal-replay file record check]
+	- linux 7.0.3-1
+	[trixie] - linux 6.12.85-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/0ca0485e4b2e837ebb6cbd4f2451aba665a03e4b (7.1-rc1)
+CVE-2026-31715 [f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io()]
+	- linux 7.0.3-1
+	NOTE: https://git.kernel.org/linus/2d9c4a4ed4eef1f82c5b16b037aee8bad819fd53 (7.1-rc1)
+CVE-2026-31714 [f2fs: fix to avoid memory leak in f2fs_rename()]
+	- linux 7.0.3-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3cf11e6f36c170050c12171dd6fd3142711478fc (7.1-rc1)
+CVE-2026-31713 [fuse: abort on fatal signal during sync init]
+	- linux 7.0.3-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/204aa22a686bfee48daca7db620c1e017615f2ff (7.1-rc1)
+CVE-2026-31712 [ksmbd: require minimum ACE size in smb_check_perm_dacl()]
+	- linux 7.0.3-1
+	[trixie] - linux 6.12.85-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d07b26f39246a82399661936dd0c853983cfade7 (7.1-rc1)
+CVE-2026-31711 [smb: server: fix active_num_conn leak on transport allocation failure]
+	- linux 7.0.3-1
+	[trixie] - linux 6.12.85-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/6551300dc452ac16a855a83dbd1e74899542d3b3 (7.1-rc1)
+CVE-2026-31709 [smb: client: validate the whole DACL before rewriting it in cifsacl]
+	- linux 7.0.3-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/0a8cf165566ba55a39fd0f4de172119dd646d39a (7.1-rc1)
+CVE-2026-31708 [smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path]
+	- linux 7.0.3-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/a58c5af19ff0d6f44f6e9fe31e33a2c92223f77e (7.1-rc1)
+CVE-2026-31707 [ksmbd: validate response sizes in ipc_validate_msg()]
+	- linux 7.0.3-1
+	[trixie] - linux 6.12.85-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d6a6aa81eac2c9bff66dc6e191179cb69a14426b (7.1-rc1)
+CVE-2026-31706 [ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl()]
+	- linux 7.0.3-1
+	[trixie] - linux 6.12.85-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3e4e2ea2a781018ed5d75f969e3e5606beb66e48 (7.1-rc1)
+CVE-2026-31705 [ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment]
+	- linux 7.0.3-1
+	[trixie] - linux 6.12.85-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/30010c952077a1c89ecdd71fc4d574c75a8f5617 (7.1-rc1)
+CVE-2026-31704 [ksmbd: use check_add_overflow() to prevent u16 DACL size overflow]
+	- linux 7.0.3-1
+	[trixie] - linux 6.12.85-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/299f962c0b02d048fb45d248b4da493d03f3175d (7.1-rc1)
+CVE-2026-31703 [writeback: Fix use after free in inode_switch_wbs_work_fn()]
+	- linux 7.0.3-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/6689f01d6740cf358932b3e97ee968c6099800d9 (7.1-rc1)
+CVE-2026-31702 [f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io()]
+	- linux 7.0.3-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/39d4ee19c1e7d753dd655aebee632271b171f43a (7.1-rc1)
+CVE-2026-31701 [ALSA: caiaq: take a reference on the USB device in create_card()]
+	- linux 7.0.3-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/80bb50e2d459213cccff3111d5ef98ed4238c0d5 (7.1-rc1)
+CVE-2026-31700 [net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd()]
+	- linux 7.0.3-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/2c054e17d9d41f1020376806c7f750834ced4dc5 (7.1-rc1)
+CVE-2026-31699 [crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed]
+	- linux 7.0.3-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/abe4a6d6f606113251868c2c4a06ba904bb41eed (7.1-rc1)
+CVE-2026-31698 [crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed]
+	- linux 7.0.3-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/e76239fed3cffd6d304d8ca3ce23984fd24f57d3 (7.1-rc1)
+CVE-2026-31697 [crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed]
+	- linux 7.0.3-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/4f685dbfa87c546e51d9dc6cab379d20f275e114 (7.1-rc1)
+CVE-2026-31696 [rxrpc: Fix missing validation of ticket length in non-XDR key preparsing]
+	- linux 7.0.3-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/ac33733b10b484d666f97688561670afd5861383 (7.1-rc1)
 CVE-2026-31695 [wifi: virt_wifi: remove SET_NETDEV_DEV to avoid use-after-free]
 	- linux 6.19.12-1
 	[trixie] - linux 6.12.85-1
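
Review bot: CVE-2026-31717 carries no `[trixie]` line, although the other ksmbd entries added here (CVE-2026-31718, -31712, -31707, -31706, -31705, -31704) all record `[trixie] - linux 6.12.85-1`. Likewise, CVE-2026-31715 has only the unstable `- linux 7.0.3-1` line, and CVE-2026-31709 annotates only bullseye. Please confirm these gaps reflect fixes that have not yet reached the stable branches rather than annotations dropped during the merge from kernel-sec. If the releases are still open, a short NOTE saying so would make the status unambiguous. A minor ordering point: CVE-2026-31710 is placed at the top of the hunk, ahead of CVE-2026-31719, while the remaining entries run in descending order and skip from -31711 to -31709. Moving it between those two would keep the block consistent.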



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed25dbd4cfe9a0fe4cff156c397c24f2872b3e28
