CVE-2026-31537

smb: server: make use of smbdirect_socket.send_io.bcredits

Assigner: Linux
Reserved: 09.03.2026 Published: 24.04.2026 Updated: 25.04.2026

In the Linux kernel, the following vulnerability has been resolved:

smb: server: make use of smbdirect_socket.send_io.bcredits

It turns out that our code will corrupt the stream of reassabled data transfer messages when we trigger an immendiate (empty) send.

In order to fix this we'll have a single 'batch' credit per connection. And code getting that credit is free to use as much messages until remaining_length reaches 0, then the batch credit it given back and the next logical send can happen.

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 0626e6641f6b467447c81dd7678a69c66f7746cf to 5ef18a2e66f2f33fdac64437bddfb9fe6389fdc7 (excl.) affected from 0626e6641f6b467447c81dd7678a69c66f7746cf to 79242e7b6bc63efec28b7c235bc320806afce6c0 (excl.) affected from 0626e6641f6b467447c81dd7678a69c66f7746cf to 34abd408c8ba24d7c97bd02ba874d8c714f49db1 (excl.)

Vendor

Linux

Product

Linux

Versions

Default: unaffected

affected from 0626e6641f6b467447c81dd7678a69c66f7746cf to 5ef18a2e66f2f33fdac64437bddfb9fe6389fdc7 (excl.)
affected from 0626e6641f6b467447c81dd7678a69c66f7746cf to 79242e7b6bc63efec28b7c235bc320806afce6c0 (excl.)
affected from 0626e6641f6b467447c81dd7678a69c66f7746cf to 34abd408c8ba24d7c97bd02ba874d8c714f49db1 (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 5.15 is affected unaffected from 0 to 5.15 (excl.) unaffected from 6.18.11 to 6.18.* (incl.) unaffected from 6.19.1 to 6.19.* (incl.) unaffected from 7.0 to * (incl.)

Vendor

Linux

Product

Linux

Versions

Default: affected

Version 5.15 is affected
unaffected from 0 to 5.15 (excl.)
unaffected from 6.18.11 to 6.18.* (incl.)
unaffected from 6.19.1 to 6.19.* (incl.)
unaffected from 7.0 to * (incl.)

References

CVE-2026-31537 PUBLISHED

smb: server: make use of smbdirect_socket.send_io.bcredits

Product Status

References