CVE-2026-31537

Published: Apr 24, 2026

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirect_socket.send_io.bcredits It turns out that our code will corrupt the stream of reassabled data transfer messages when we trigger an immendiate (empty) send. In order to fix this we'll have a single 'batch' credit per connection. And code getting that credit is free to use as much messages until remaining_length reaches 0, then the batch credit it given back and the next logical send can happen.

Vendor	Product	Versions
Linux	Linux	affected `0626e6641f6b467447c81dd7678a69c66f7746cf - < 5ef18a2e66f2f33fdac64437bddfb9fe6389fdc7` affected `0626e6641f6b467447c81dd7678a69c66f7746cf - < 79242e7b6bc63efec28b7c235bc320806afce6c0` affected `0626e6641f6b467447c81dd7678a69c66f7746cf - < 34abd408c8ba24d7c97bd02ba874d8c714f49db1`
Linux	Linux	affected `5.15` unaffected `0 - < 5.15` unaffected `6.18.11 - <= 6.18.` unaffected `6.19.1 - <= 6.19.` unaffected `7.0 - <= *`

References

https://git.kernel.org/stable/c/5ef18a2e66f2f33fdac64437bddfb9fe6389fdc7

https://git.kernel.org/stable/c/79242e7b6bc63efec28b7c235bc320806afce6c0

https://git.kernel.org/stable/c/34abd408c8ba24d7c97bd02ba874d8c714f49db1

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-31537

Description

Affected Products

References