CVE-2026-31608

Published: Apr 24, 2026Modified: Apr 29, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (Secondary)

Description

In the Linux kernel, the following vulnerability has been resolved: smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list() smb_direct_flush_send_list() already calls smb_direct_free_sendmsg(), so we should not call it again after post_sendmsg() moved it to the batch list.

Affected (3)

Products: Linux: Linux Kernel

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 6.18.24
Linux Linux Kernel	From 6.19 to 6.19.14
Linux Linux Kernel	From 7.0 to 7.0.1

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (4)

https://git.kernel.org/stable/c/2ba03f46132b0d1a7bafb86e1ef61951a2254023

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/6968c91fab05b8fc4d6700e0cf34472bb422df25

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/830de6eeb9db4cb7e758201fb99328ef4ca4b032

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/84ff995ae826aa6bbcc6c7b9ea569ff67c021d72

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.