VYPR
← All advisories
Critical severity9.8NVD Advisory· Published Apr 24, 2026· Updated Apr 28, 2026

CVE-2026-31536

CVE-2026-31536

Description

In the Linux kernel, the following vulnerability has been resolved:

smb: server: let send_done handle a completion without IB_SEND_SIGNALED

With smbdirect_send_batch processing we likely have requests without IB_SEND_SIGNALED, which will be destroyed in the final request that has IB_SEND_SIGNALED set.

If the connection is broken all requests are signaled even without explicit IB_SEND_SIGNALED.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Linux kernel SMB server mishandles RDMA send completions without IB_SEND_SIGNALED, leading to potential memory corruption.

Vulnerability

In the Linux kernel's SMB server, the smbdirect_send_batch processing can result in requests without the IB_SEND_SIGNALED flag. These requests are normally destroyed only when a subsequent request with the flag completes. However, if the connection is broken, all pending requests are signaled regardless of the flag, causing the completion handler to be invoked on already-freed or incorrectly managed memory.

Exploitation

An attacker with network access to a vulnerable SMB server over RDMA (e.g., using SMB Direct) could potentially trigger a connection break to force the unexpected completion. This does not require authentication if the SMB server allows anonymous connections. The resulting use-after-free or double-free can lead to kernel memory corruption.

Impact

Successful exploitation could allow an unauthenticated remote attacker to crash the system (denial of service) or potentially execute arbitrary code with kernel privileges. Given the CVSS score of 9.8, the impact is critical.

Mitigation

The vulnerability is fixed in the Linux kernel stable versions via commits [1], [2], and [3]. Administrators should apply the latest kernel updates from their distribution. No workaround is available.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!
  3. Making sure you're not a bot!

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1
  • Linux/Kernel
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
    Range: >=5.15,<6.18.11

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.