VYPR
← All advisories
High severity7.5NVD Advisory· Published Apr 24, 2026· Updated Apr 28, 2026

CVE-2026-31538

CVE-2026-31538

Description

In the Linux kernel, the following vulnerability has been resolved:

smb: server: make use of smbdirect_socket.recv_io.credits.available

The logic off managing recv credits by counting posted recv_io and granted credits is racy.

That's because the peer might already consumed a credit, but between receiving the incoming recv at the hardware and processing the completion in the 'recv_done' functions we likely have a window where we grant credits, which don't really exist.

So we better have a decicated counter for the available credits, which will be incremented when we posted new recv buffers and drained when we grant the credits to the peer.

This fixes regression Namjae reported with the 6.18 release.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A race condition in the Linux kernel's SMB server credit management can cause resource exhaustion and denial of service.

A race condition exists in the Linux kernel's SMB server implementation. The vulnerability stems from the flawed logic of managing receive (recv) credits by counting posted recv_io and granted credits, without a dedicated counter for available credits [1]. This creates a window where the server may grant credits that are not actually available, leading to a resource exhaustion scenario [1].

An attacker can exploit this by sending crafted SMB requests that manipulate credit counts during the race window, bypassing authentication as no special privileges are required to trigger the flaw. The attack is network-based and can be performed remotely, exploiting the timing gap between hardware receipt of incoming data and processing of completions [1].

The primary impact is a denial of service (DoS) condition, as excessive credit grants can exhaust kernel memory or resources. The vulnerability also results in system instability and potential crashes, as described in the official description [1].

Patches have been merged into the Linux kernel stable branches, as referenced in commits [2] and [3]. Users are advised to apply these updates immediately. This issue is not listed in CISA's Known Exploited Vulnerabilities catalog at the time of publication.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!
  3. Making sure you're not a bot!

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1
  • Linux/Kernel
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
    Range: >=6.18,<6.18.11

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.