CVE-2026-31693

high

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: some missing initializations on replay In several places in the code, we have a label to signify the start of the code where a request can be replayed if necessary. However, some of these places were missing the necessary reinitializations of certain local variables before replay. This change makes sure that these variables get initialized after the label.

References

https://git.kernel.org/stable/c/c99e160938b627f6f28edee930e8abc157e84386

https://git.kernel.org/stable/c/c854ab481ece4b3e5f4c2e8b22824f015ff874a5

https://git.kernel.org/stable/c/7c9ce68192eef14c777cb6ce17155d2eb2431aea

https://git.kernel.org/stable/c/1d731e512134495e0ef490ade0e4d91dc0d515ec

https://git.kernel.org/stable/c/14f66f44646333d2bfd7ece36585874fd72f8286

Details

Source: Mitre, NVD

Published: 2026-04-30

Updated: 2026-04-30

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 8.4

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00018