smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush()

...

smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list()

...

SUSE CVE-2026-31538

In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirectsocket.recvio.credits.available The logic off managing recv credits by counting posted recvio and granted credits is racy. That's because the peer might already consumed a credit, but between...

SUSE CVE-2026-31608

In the Linux kernel, the following vulnerability has been resolved: smb: server: avoid double-free in smbdirectfreesendmsg after smbdirectflushsendlist smbdirectflushsendlist already calls smbdirectfreesendmsg, so we should not call it again after postsendmsg moved it to the batch list...

SUSE CVE-2026-31613

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB reads parsing symlink error response When a CREATE returns STATUSSTOPPEDONSYMLINK, smb2checkmessage returns success without any length validation, leaving the symlink parsers as the only defense against an...

CVE-2026-31612

A flaw was found in ksmbd, a Linux kernel module. A remote attacker can exploit this vulnerability by sending a specially crafted client request to the smb2getea function. Due to improper validation of the EaNameLength field, the system may leak uninitialized heap memory values, leading to...

CVE-2026-31609

A flaw was found in the Linux kernel's Server Message Block SMB client. This vulnerability, a double-free, occurs in the smbdfreesendio function after smbdsendbatchflush has already freed the memory. This memory corruption can lead to a denial of service DoS for the affected system. Mitigation To...

CVE-2026-31537

A flaw was found in the Linux kernel's Server Message Block SMB server. An attacker could exploit this vulnerability by triggering an immediate empty send operation, which would corrupt the stream of reassembled data transfer messages. This corruption could lead to data integrity issues or...

CVE-2026-31536

A flaw was found in the Linux kernel's Server Message Block SMB direct server implementation. This issue occurs during smbdirectsendbatch processing where requests without the IBSENDSIGNALED flag may be incorrectly handled when a connection is broken. This could lead to unexpected behavior relate...

CVE-2026-31535

A flaw was found in the Linux kernel. A race condition exists in the SMB client's receive credit management, specifically in how smbdirectsocket.recvio.credits.available are handled. This could lead to incorrect credit allocation, potentially causing instability or unexpected behavior within the...

CVE-2026-31534

No description is available for this CVE...

CVE-2026-31608

In the Linux kernel, the following vulnerability has been resolved: smb: server: avoid double-free in smbdirectfreesendmsg after smbdirectflushsendlist smbdirectflushsendlist already calls smbdirectfreesendmsg, so we should not call it again after postsendmsg moved it to the batch list...

DEBIAN-CVE-2026-31609

In the Linux kernel, the following vulnerability has been resolved: smb: client: avoid double-free in smbdfreesendio after smbdsendbatchflush smbdsendbatchflush already calls smbdfreesendio, so we should not call it again after smbdpostsend moved it to the batch list...

DEBIAN-CVE-2026-31614

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix off-by-8 bounds check in checkwsleas The bounds check uses u8 ea + nlen + 1 + vlen as the end of the EA name and value, but eadata sits at offset sizeofstruct smb2filefulleainfo = 8 from ea, not at offset 0. The...

DEBIAN-CVE-2026-31613

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB reads parsing symlink error response When a CREATE returns STATUSSTOPPEDONSYMLINK, smb2checkmessage returns success without any length validation, leaving the symlink parsers as the only defense against an...

DEBIAN-CVE-2026-31539

In the Linux kernel, the following vulnerability has been resolved: smb: smbdirect: introduce smbdirectsocket.recvio.credits.available The logic off managing recv credits by counting posted recvio and granted credits is racy. That's because the peer might already consumed a credit, but between...

CVE-2026-31536

In the Linux kernel, the following vulnerability has been resolved: smb: server: let senddone handle a completion without IBSENDSIGNALED With smbdirectsendbatch processing we likely have requests without IBSENDSIGNALED, which will be destroyed in the final request that has IBSENDSIGNALED set. If...

CVE-2026-31535

In the Linux kernel, the following vulnerability has been resolved: smb: client: make use of smbdirectsocket.recvio.credits.available The logic off managing recv credits by counting posted recvio and granted credits is racy. That's because the peer might already consumed a credit, but between...

CVE-2026-31614

MODE C: CVE-2026-31614 is a kernel SMB client vulnerability (Linux kernel). The issue is an out-of-bounds read in check_wsl_eas() that can leak up to 8 bytes of kernel heap via the EA name/value handling, potentially affecting how WSL ext attributes are interpreted. Patches have been released/mer...

CVE-2026-31613

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB reads parsing symlink error response When a CREATE returns STATUSSTOPPEDONSYMLINK, smb2checkmessage returns success without any length validation, leaving the symlink parsers as the only defense against an...