VYPR
← All advisories
Medium severity5.5NVD Advisory· Published May 1, 2026· Updated May 6, 2026

CVE-2026-31710

CVE-2026-31710

Description

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix dir separator in SMB1 UNIX mounts

When calling cifs_mount_get_tcon() with SMB1 UNIX mounts, @cifs_sb->mnt_cifs_flags needs to be read or updated only after calling reset_cifs_unix_caps(), otherwise it might end up with missing CIFS_MOUNT_POSIXACL and CIFS_MOUNT_POSIX_PATHS bits.

This fixes the wrong dir separator used in paths caused by the missing CIFS_MOUNT_POSIX_PATHS bit in cifs_sb_info::mnt_cifs_flags.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In Linux kernel SMB1 UNIX mounts, a missing flag causes wrong directory separator, fixed by reordering flag updates.

Vulnerability

A logic error in the Linux kernel's SMB1 UNIX mount path causes the CIFS_MOUNT_POSIX_PATHS flag to be missing from cifs_sb_info::mnt_cifs_flags. The bug occurs in cifs_mount_get_tcon() when it reads or updates @cifs_sb->mnt_cifs_flags before calling reset_cifs_unix_caps(), instead of after. This results in the loss of both CIFS_MOUNT_POSIXACL and CIFS_MOUNT_POSIX_PATHS bits [1][2].

Exploitation

The vulnerability is triggered during the mount process of an SMB1 share with UNIX extensions enabled. No special privileges are required beyond the ability to mount a CIFS filesystem. An attacker who can control the server's response or influence the mount parameters could potentially cause the client to use an incorrect directory separator in all subsequent path operations.

Impact

With the CIFS_MOUNT_POSIX_PATHS bit missing, the kernel falls back to the default Windows-style backslash (\) separator instead of the POSIX forward slash (/). This mismatch can lead to file access failures, incorrect path resolution, and potential confusion in applications relying on POSIX path semantics. The missing CIFS_MOUNT_POSIXACL bit also disables POSIX ACL support, reducing security granularity.

Mitigation

The fix has been applied to the Linux kernel stable tree via commits [1] and [2]. Users should update to a kernel version containing these patches. No workaround is available other than avoiding SMB1 UNIX mounts or applying the kernel update.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

8
  • Linux/Kernel8 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=7.0.1,<7.0.2
    • cpe:2.3:o:linux:linux_kernel:7.0:-:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.