CVE-2026-31608

CRITICAL

smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list()

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list() smb_direct_flush_send_list() already calls smb_direct_free_sendmsg(), so we should not call it again after post_sendmsg() moved it to the batch list.

References (4)

https://git.kernel.org/stable/c/6968c91fab05b8fc4d6700e0cf34472bb422df25

https://git.kernel.org/stable/c/2ba03f46132b0d1a7bafb86e1ef61951a2254023

https://git.kernel.org/stable/c/830de6eeb9db4cb7e758201fb99328ef4ca4b032

https://git.kernel.org/stable/c/84ff995ae826aa6bbcc6c7b9ea569ff67c021d72

Scores

CVSS v3 9.8

EPSS 0.0006

EPSS Percentile 17.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-415

Status published

Products (14)

Linux/Linux < 7.0

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 2ba03f46132b0d1a7bafb86e1ef61951a2254023

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 6968c91fab05b8fc4d6700e0cf34472bb422df25

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 830de6eeb9db4cb7e758201fb99328ef4ca4b032

Linux/Linux 34abd408c8ba24d7c97bd02ba874d8c714f49db1 - 830de6eeb9db4cb7e758201fb99328ef4ca4b032

Linux/Linux 34abd408c8ba24d7c97bd02ba874d8c714f49db1 - 84ff995ae826aa6bbcc6c7b9ea569ff67c021d72

Linux/Linux 5ef18a2e66f2f33fdac64437bddfb9fe6389fdc7 - 6968c91fab05b8fc4d6700e0cf34472bb422df25

Linux/Linux 6.18.24 - 6.18.*

Linux/Linux 6.19.14 - 6.19.*

Linux/Linux 7.0

... and 4 more

Published Apr 24, 2026

Tracked Since Apr 24, 2026