CVE-2026-31693
Analyzed Analyzed - Analysis Complete
Missing Initialization in Linux Kernel CIFS Replay Code

Publication date: 2026-04-30

Last updated on: 2026-05-07

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: cifs: some missing initializations on replay In several places in the code, we have a label to signify the start of the code where a request can be replayed if necessary. However, some of these places were missing the necessary reinitializations of certain local variables before replay. This change makes sure that these variables get initialized after the label.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-30
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-04-30
EPSS Evaluated
2026-06-15
NVD
CVE-2026-31693
EUVD
EUVD-2026-26367
Affected Vendors & Products
Showing 11 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.8
linux linux_kernel 6.8
linux linux_kernel 6.8
linux linux_kernel 6.8
linux linux_kernel 6.8
linux linux_kernel 6.8
linux linux_kernel 6.8
linux linux_kernel From 6.13 (inc) to 6.18.16 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.6 (exc)
linux linux_kernel From 6.6.32 (inc) to 6.6.128 (exc)
linux linux_kernel From 6.8.1 (inc) to 6.12.75 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-908 The product uses or accesses a resource that has not been initialized.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

The impact of this vulnerability could include incorrect or unpredictable behavior when replaying CIFS requests in the Linux kernel. Missing variable initializations might cause the system to process replayed requests improperly, potentially leading to data corruption, crashes, or other stability issues in systems using CIFS.

Executive Summary

This vulnerability exists in the Linux kernel's CIFS (Common Internet File System) implementation. It involves missing initializations of certain local variables in parts of the code where a request can be replayed if necessary. Specifically, some code sections had labels marking the start of replayable requests, but failed to reinitialize variables properly before replaying. This could lead to unexpected behavior or errors during request replay.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31693. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart