cifs: some missing initializations on replay
Summary
| CVE | CVE-2026-31693 |
|---|---|
| State | PUBLISHED |
| Assigner | Linux |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-04-30 12:16:24 UTC |
| Updated | 2026-05-03 07:16:16 UTC |
| Description | In the Linux kernel, the following vulnerability has been resolved: "cifs: some missing initializations on replay". In several places in the code, we have a label to signify the start of the code where a request can be replayed if necessary. However, some of these places were missing the necessary reinitializations of certain local variables before replay. This change makes sure that these variables get initialized after the label. |
Risk And Classification
Primary CVSS: v3.1 7.8 HIGH from 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.000180000 probability, percentile 0.048520000 (date 2026-05-02)
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Secondary | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | CNA | DECLARED | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVSS v3.1 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | High |
| Availability | High |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Linux | Linux | affected 433042a91f9373241307725b52de573933ffedbf c854ab481ece4b3e5f4c2e8b22824f015ff874a5 git | Not specified |
| CNA | Linux | Linux | affected 4f1fffa2376922f3d1d506e49c0fd445b023a28e 1d731e512134495e0ef490ade0e4d91dc0d515ec git | Not specified |
| CNA | Linux | Linux | affected 4f1fffa2376922f3d1d506e49c0fd445b023a28e 7c9ce68192eef14c777cb6ce17155d2eb2431aea git | Not specified |
| CNA | Linux | Linux | affected 4f1fffa2376922f3d1d506e49c0fd445b023a28e c99e160938b627f6f28edee930e8abc157e84386 git | Not specified |
| CNA | Linux | Linux | affected 4f1fffa2376922f3d1d506e49c0fd445b023a28e 14f66f44646333d2bfd7ece36585874fd72f8286 git | Not specified |
| CNA | Linux | Linux | affected 6.8 | Not specified |
| CNA | Linux | Linux | unaffected 6.8 semver | Not specified |
| CNA | Linux | Linux | unaffected 6.6.128 6.6.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.12.75 6.12.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.18.16 6.18.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.19.6 6.19.* semver | Not specified |
| CNA | Linux | Linux | unaffected 7.0 * original_commit_for_fix | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.kernel.org/stable/c/14f66f44646333d2bfd7ece36585874fd72f8286 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/1d731e512134495e0ef490ade0e4d91dc0d515ec | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/c854ab481ece4b3e5f4c2e8b22824f015ff874a5 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/c99e160938b627f6f28edee930e8abc157e84386 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/7c9ce68192eef14c777cb6ce17155d2eb2431aea | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.