CVE-2026-31609

CRITICAL

smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush()

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush() smbd_send_batch_flush() already calls smbd_free_send_io(), so we should not call it again after smbd_post_send() moved it to the batch list.

References (4)

https://git.kernel.org/stable/c/a9940dcbe5cb92482c04efc7341039ddf7dbf607

https://git.kernel.org/stable/c/22b7c1c619d808aec4cad3dc42103345e370d107

https://git.kernel.org/stable/c/f9a162c2bbcd0ac85bd07c5b37cf20286048b65c

https://git.kernel.org/stable/c/27b7c3e916218b5eb2ee350211140e961bfc49be

Scores

CVSS v3 9.8

EPSS 0.0006

EPSS Percentile 17.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-415

Status published

Products (14)

Linux/Linux < 7.0

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 22b7c1c619d808aec4cad3dc42103345e370d107

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - a9940dcbe5cb92482c04efc7341039ddf7dbf607

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - f9a162c2bbcd0ac85bd07c5b37cf20286048b65c

Linux/Linux 21538121efe6c8c5b51c742fa02cbe820bc48714 - 27b7c3e916218b5eb2ee350211140e961bfc49be

Linux/Linux 21538121efe6c8c5b51c742fa02cbe820bc48714 - f9a162c2bbcd0ac85bd07c5b37cf20286048b65c

Linux/Linux 37b5c06956183b65e6808b509cf637632016cdf7 - 22b7c1c619d808aec4cad3dc42103345e370d107

Linux/Linux 6.18.24 - 6.18.*

Linux/Linux 6.19.14 - 6.19.*

Linux/Linux 7.0

... and 4 more

Published Apr 24, 2026

Tracked Since Apr 24, 2026