VYPR
Medium severity 5.5 · NVD Advisory · Published Apr 24, 2026 · Updated Apr 28, 2026

CVE-2026-31537

Description

In the Linux kernel, the following vulnerability has been resolved:

smb: server: make use of smbdirect_socket.send_io.bcredits

It turns out that our code will corrupt the stream of reassembled data transfer messages when we trigger an immediate (empty) send.

In order to fix this we'll have a single 'batch' credit per connection. And code getting that credit is free to use as many messages as needed until remaining_length reaches 0, then the batch credit is given back and the next logical send can happen.
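The batch-credit rule described above, as an added user-space model (not code from the kernel or from this advisory). Apart from `bcredits` and `remaining_length`, all names are hypothetical, and the receiver-side check is an assumption about how a fragmented stream is validated.

```c
#include <stdio.h>
/* User-space model, not kernel code; helper names are hypothetical. */
struct msg { unsigned data_length, remaining_length; };
struct conn {
    int bcredits;                    /* the single batch credit per connection */
    int empty_pending;               /* empty send deferred until the credit is free */
    struct msg wire[16]; unsigned n; /* messages in the order they reach the wire */
};
static void put(struct conn *c, unsigned len, unsigned rem) {
    if (c->n < 16) c->wire[c->n++] = (struct msg){ len, rem };
}
/* Immediate (empty) send; when gated it needs the batch credit too. */
static void empty_send(struct conn *c, int gated) {
    if (gated && c->bcredits == 0) { c->empty_pending = 1; return; }
    put(c, 0, 0);
}
/* One logical send; an empty send is requested after its first message. */
static void logical_send(struct conn *c, unsigned total, unsigned frag, int gated) {
    unsigned rem = total;
    if (gated) c->bcredits--;                 /* take the batch credit */
    while (frag && rem > 0) {
        unsigned len = rem < frag ? rem : frag;
        rem -= len;
        put(c, len, rem);
        if (rem + len == total) empty_send(c, gated);
    }
    if (gated) c->bcredits++;                 /* remaining_length reached 0 */
    if (c->empty_pending) { c->empty_pending = 0; empty_send(c, gated); }
}
/* Receiver view: each message must match what the previous one announced. */
static int stream_ok(const struct conn *c) {
    unsigned expect = 0;
    for (unsigned i = 0; i < c->n; i++) {
        struct msg m = c->wire[i];
        if (expect && m.data_length + m.remaining_length != expect) return 0;
        expect = m.remaining_length;
    }
    return expect == 0;
}
/* Constructed scenario: 12 bytes sent as three 4-byte messages. */
static int run_model(int gated) {
    struct conn c = { .bcredits = 1 };
    logical_send(&c, 12, 4, gated);
    return stream_ok(&c);
}
int main(void) {
    printf("ungated ok=%d gated ok=%d\n", run_model(0), run_model(1));
    return 0;
}
```

Without the gate the empty message lands between the first and second fragment and the stream check fails; with the gate it is deferred until the batch credit is returned.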

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Linux kernel SMB server data stream corruption on empty send fixed by introducing a single batch credit per connection.

The Linux kernel's SMB server (smbdirect) contains a vulnerability where an immediate (empty) send can corrupt the stream of reassembled data transfer messages. The root cause is improper credit management in the smbdirect_socket.send_io path, leading to out-of-order or corrupted data reassembly.

The vulnerability can be triggered by a remote attacker with network access to the SMB server. No authentication is explicitly required, as the issue occurs during data transfer handling. An attacker could craft a specific sequence of SMB Direct messages to induce an empty send, causing the corruption.

Successful exploitation could lead to data integrity issues in SMB Direct communications, potentially resulting in denial of service or data corruption. The impact is limited to the SMB over RDMA (smbdirect) functionality.

The fix introduces a single 'batch' credit per connection, ensuring that only one logical send is in progress at a time. This patch has been applied to the Linux kernel stable tree via commits [1][2][3]. Users are advised to update to the latest kernel version to mitigate this vulnerability.

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
    Range: >=5.15,<6.18.11

References

3
