CRITICAL🇵🇱 Wersja polska

CVE-2026-31608

CVSS 9.8v3.1pub. 2026-04-24upd. 2026-04-29

In the Linux kernel, the following vulnerability has been resolved: smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list() smb_direct_flush_send_list() already calls smb_direct_free_sendmsg(), so we should not call it again after post_sendmsg() moved it to the batch list.

🤖 AI Analysis
How it works

The smb_direct_flush_send_list() function internally calls smb_direct_free_sendmsg() to release resources associated with a message sent by SMB Direct. The problem is that after the message is moved to the batch list by post_sendmsg(), the smb_direct_free_sendmsg() function is called a second time — resulting in a double-free of the same memory area. Such an error can lead to heap corruption (heap corruption), which is a classic vector for hijacking program execution flow control.

Impact

A remote, unauthenticated attacker can trigger kernel memory corruption, potentially enabling arbitrary code execution (RCE) with kernel privileges, privilege escalation, or causing system failure (denial of service).

Mitigation & patch

Apply patches available from the vendor according to the references — appropriate commits have been published in the Linux kernel stable repository (git.kernel.org). It is recommended to update the kernel to a version containing the aforementioned fixes.

Who is affected

Linux Kernel — versions indicated in vendor references (commits available at the addresses provided in the references section).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Linux Kernel

    OS
    Linux
    < 6.18.246.19 – 6.19.14 (bez)7.0 – 7.0.1 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP

CVE-2022-47986CRITICAL9.8⚠ KEVten sam produkt

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on t...

CVE-2022-22954CRITICAL9.8⚠ KEVten sam produkt

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-s...

CVE-2020-4006CRITICAL9.1⚠ KEVten sam produkt

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a...