Description
In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix dir separator in SMB1 UNIX mounts

When calling cifs_mount_get_tcon() with SMB1 UNIX mounts,
@cifs_sb->mnt_cifs_flags needs to be read or updated only after
calling reset_cifs_unix_caps(), otherwise it might end up with missing
CIFS_MOUNT_POSIXACL and CIFS_MOUNT_POSIX_PATHS bits.

This fixes the wrong dir separator used in paths caused by the missing
CIFS_MOUNT_POSIX_PATHS bit in cifs_sb_info::mnt_cifs_flags.
Published: 2026-05-01
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw lies in the Linux kernel’s CIFS client when handling SMB1 UNIX mounts. During the mount process, cifs_mount_get_tcon() may read or update cifs_sb->mnt_cifs_flags before reset_cifs_unix_caps() has been called, which can leave the CIFS_MOUNT_POSIXACL and CIFS_MOUNT_POSIX_PATHS bits missing. Without the CIFS_MOUNT_POSIX_PATHS bit, an incorrect directory separator is used in paths. The weakness is a pathname handling problem (CWE‑22) and does not grant unauthorized file access, privilege escalation, or code execution. Its effect is limited to incorrect path resolution on mounted shares, which can affect functionality rather than security posture.

Affected Systems

All Linux kernel releases before the patch containing the dir separator fix are affected. The issue resides in the CIFS SMB client component used by distributions that mount SMB shares using the CIFS helper. Any Linux system that relies on the unpatched kernel for SMB1 support is potentially impacted.

Risk and Exploitability

No EPSS score is available and the vulnerability is not listed in CISA’s KEV catalog, indicating a low likelihood of exploitation. There are no reported exploits. The bug manifests during client-initiated SMB mount operations, so a remote attacker could not exploit it without first mounting the share locally or having the affected client perform the mount. The flaw does not provide a direct vector for code execution or data exfiltration, so the overall risk is low to moderate.

Generated by OpenCVE AI on May 2, 2026 at 12:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that includes the SMB1 directory separator fix.
  • If SMB1 is required, consider disabling it and using SMB2 or SMB3 protocols to avoid the flaw.
  • Verify that CIFS_MOUNT_POSIXACL and CIFS_MOUNT_POSIX_PATHS flags are correctly set on shares and test typical operations to ensure correct directory resolution.


Advisories

No advisories yet.

History

Sat, 02 May 2026 00:15:00 +0000


Fri, 01 May 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix dir separator in SMB1 UNIX mounts When calling cifs_mount_get_tcon() with SMB1 UNIX mounts, @cifs_sb->mnt_cifs_flags needs to be read or updated only after calling reset_cifs_unix_caps(), otherwise it might end up with missing CIFS_MOUNT_POSIXACL and CIFS_MOUNT_POSIX_PATHS bits. This fixes the wrong dir separator used in paths caused by the missing CIFS_MOUNT_POSIX_PATHS bit in cifs_sb_info::mnt_cifs_flags. |
| Title | | smb: client: fix dir separator in SMB1 UNIX mounts |
| First Time appeared | | Linux; Linux linux Kernel |
| CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Vendors & Products | | Linux; Linux linux Kernel |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-01T13:56:07.217Z

Reserved: 2026-03-09T15:48:24.133Z

Link: CVE-2026-31710

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-01T14:16:21.040

Modified: 2026-05-01T15:24:14.893

Link: CVE-2026-31710

Redhat

Severity:

Public Date: 2026-05-01T00:00:00Z

Links: CVE-2026-31710 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-02T12:15:25Z

Weaknesses