7.5

CVE-2026-31538

EPSS 0.05%
Veröffentlicht 24.04.2026 14:30:25
Zuletzt bearbeitet 28.04.2026 18:59:51
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

smb: server: make use of smbdirect_socket.recv_io.credits.available

In the Linux kernel, the following vulnerability has been resolved:

smb: server: make use of smbdirect_socket.recv_io.credits.available

The logic off managing recv credits by counting posted recv_io and
granted credits is racy.

That's because the peer might already consumed a credit,
but between receiving the incoming recv at the hardware
and processing the completion in the 'recv_done' functions
we likely have a window where we grant credits, which
don't really exist.

So we better have a decicated counter for the
available credits, which will be incremented
when we posted new recv buffers and drained when
we grant the credits to the peer.

This fixes regression Namjae reported with
the 6.18 release.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 6

NVD 2 VulnDex Vulnerability Enrichment 3

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.18 < 6.18.11

Linux ≫ Linux Kernel Version >= 6.19 < 6.19.1

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.152

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/66c082e3d4651e8629a393a9e182b01eb50fb0a3

Patch

https://git.kernel.org/stable/c/809cbd31aa4f87a1b889532244c9cf30eb022385

Patch

https://git.kernel.org/stable/c/26ad87a2cfb8c1384620d1693a166ed87303046e

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-31538

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-31538

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-31538

EUVD