CVE-2026-31536 PUBLISHED

smb: server: let send_done handle a completion without IB_SEND_SIGNALED

Assigner: Linux
Reserved: 09.03.2026 Published: 24.04.2026 Updated: 25.04.2026

In the Linux kernel, the following vulnerability has been resolved:

smb: server: let send_done handle a completion without IB_SEND_SIGNALED

With smbdirect_send_batch processing we likely have requests without IB_SEND_SIGNALED, which will be destroyed in the final request that has IB_SEND_SIGNALED set.

If the connection is broken all requests are signaled even without explicit IB_SEND_SIGNALED.

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 0626e6641f6b467447c81dd7678a69c66f7746cf to 24082642654f3e5149913946e89c00a297a8868f (excl.) affected from 0626e6641f6b467447c81dd7678a69c66f7746cf to e38b415c024bc3b6321bf8650dbf3f4aab8e74b3 (excl.) affected from 0626e6641f6b467447c81dd7678a69c66f7746cf to 9da82dc73cb03e85d716a2609364572367a5ff47 (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 5.15 is affected unaffected from 0 to 5.15 (excl.) unaffected from 6.18.11 to 6.18.* (incl.) unaffected from 6.19.1 to 6.19.* (incl.) unaffected from 7.0 to * (incl.)

CVE-2026-31536 PUBLISHED

smb: server: let send_done handle a completion without IB_SEND_SIGNALED

Product Status

References