VYPR
High severity · 7.8 · NVD Advisory · Published Apr 30, 2026 · Updated May 7, 2026

CVE-2026-31693

Description

In the Linux kernel, the following vulnerability has been resolved:

cifs: some missing initializations on replay

In several places in the code, we have a label to signify the start of the code where a request can be replayed if necessary. However, some of these places were missing the necessary reinitializations of certain local variables before replay.

This change makes sure that these variables get initialized after the label.
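The bug class described above, as an added user-space example; it is not code from the kernel or from the fix. All names (`build_and_send`, `fake_send`, `channel_encrypted`, `FLAG_ENCRYPT`) are hypothetical, and the transport stub is constructed so that the first send asks for a replay.

```c
#include <stdbool.h>
#include <stdio.h>

#define NEED_REPLAY  (-1)   /* constructed stand-in for a retryable send error */
#define FLAG_ENCRYPT 0x1u   /* hypothetical per-request flag */

struct result { unsigned flags; int segments; int attempts; };

/* Constructed stub: the first *failures sends ask the caller to replay. */
static int fake_send(int *failures)
{
    if (*failures > 0) { (*failures)--; return NEED_REPLAY; }
    return 0;
}

/* Assumption for the demo: only the channel used on attempt 0 needs encryption. */
static bool channel_encrypted(int attempt) { return attempt == 0; }

static struct result build_and_send(int failures, bool reinit_after_label)
{
    unsigned flags = 0;   /* initialised once, above the label */
    int segments = 0;
    int attempt = 0;

replay_again:
    if (reinit_after_label) {   /* fixed shape: reset per-attempt state here */
        flags = 0;
        segments = 0;
    }
    if (channel_encrypted(attempt))
        flags |= FLAG_ENCRYPT;
    segments += 2;              /* header + payload queued for this attempt */

    if (fake_send(&failures) == NEED_REPLAY) {
        attempt++;
        goto replay_again;      /* without the reset, old values ride along */
    }
    return (struct result){ flags, segments, attempt + 1 };
}

int main(void)
{
    struct result bad = build_and_send(1, false), ok = build_and_send(1, true);
    printf("no reinit: flags=%#x segments=%d\n", bad.flags, bad.segments);
    printf("reinit:    flags=%#x segments=%d\n", ok.flags, ok.segments);
    return 0;
}
```

When reviewing code with a replay label, check that every local the retried body accumulates into or tests is assigned after the label, not only at its declaration.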

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Linux kernel CIFS client missing variable initializations on replay can lead to use of uninitialized data, patched in stable kernels.

Vulnerability Detail: In the Linux kernel's CIFS client, several code paths contain a label for replaying requests. These paths failed to reinitialize local variables after the label, leading to potential use of uninitialized data [1].

Exploitation: An attacker who can trigger CIFS request replays (for example, by causing network errors or crafting specific SMB2/3 commands) may cause the kernel to operate on uninitialized stack variables.

Impact: This can result in information disclosure or system instability. The CVSS score of 7.8 reflects high severity, with potential for local privilege escalation or denial of service.

Mitigation: The issue is fixed in stable kernel patches [1]. Users should update to the latest kernel version provided by their distribution. No workaround is available.

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • Linux/Kernel (inferred): 9 versions
    • (no CPE)
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (range: >=6.6.32, <6.6.128)
    • cpe:2.3:o:linux:linux_kernel:6.8:-:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.8:rc6:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.8:rc7:*:*:*:*:*:*
