CVE-2026-31535

Summary: CVE-2026-31535 affects the Linux kernel SMB client receive credit management. A race in handling smbdirect_socket.recv_io.credits.available can cause over- or under-counted credits, potentially destabilizing the SMB receive path. The root cause is a window where a peer might have consume...

CVE-2026-31534

CVE-2026-31534 affects the Linux kernel SMB client logic. In smbdirect_send_batch processing, requests may exist without the IB_SEND_SIGNALED flag and could be destroyed by the final request that carries IB_SEND_SIGNALED. If the connection is broken, all outstanding requests are signaled even wit...

PT-2026-34965

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the SMB client when parsing symlink error responses. When a CREATE request returns STATUS STOPPED ON SYMLINK, the smb2 check message function returns success without...

PT-2026-34960

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double-free issue exists in the SMB server component. The function smb direct flush send list already invokes smb direct free sendmsg, leading to a second call to smb direct free sendm...

PT-2026-34963

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the ksmbd module, the parse dacl function compares each Access Control Entry ACE Security Identifier SID against sid unix NFS mode. If sid unix NFS mode is the prefix S-1-5-88-3 with...

PT-2026-34887

In the Linux kernel, the following vulnerability has been resolved: smb: client: make use of smbdirect socket.recv io.credits.available The logic off managing recv credits by counting posted recv io and granted credits is racy. That's because the peer might already consumed a credit, but between...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of verification of EaNameLength in smb2getea, potentially leading to the leakage of...

PT-2026-34886

In the Linux kernel, the following vulnerability has been resolved: smb: client: let send done handle a completion without IB SEND SIGNALED With smbdirect send batch processing we likely have requests without IB SEND SIGNALED, which will be destroyed in the final request that has IB SEND SIGNALED...

ksmbd: fix use-after-free and NULL deref in smb_grant_oplock()

...

CVE-2026-31476

A flaw was found in ksmbd in the Linux kernel. A remote attacker can exploit this vulnerability by sending a multichannel session binding request with an incorrect password. This improper handling of failed binding requests can cause an active session to expire, leading to a Denial of Service DoS...

CVE-2026-31444

A flaw was found in ksmbd, a component of the Linux kernel. This vulnerability involves a use-after-free and a NULL pointer dereference within the smbgrantoplock function during the oplock publication sequence. An attacker could potentially exploit these issues, leading to memory corruption. This...

CVE-2026-31444

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and NULL deref in smbgrantoplock smbgrantoplock has two issues in the oplock publication sequence: 1 opinfo is linked into ci-moplist via opinfoadd before addleasegloballist is called. If...

PT-2026-34381

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the ksmbd module occurs when a multichannel session binding request fails, such as due to an incorrect password. In these instances, the error path unconditionally sets the...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013442)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013442 advisory. An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of- bounds read and OOPS for SMB2WRITE, when there is a large...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013424)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013424 advisory. The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013599)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013599 advisory. In the Linux kernel, the following vulnerability has been resolved: cifs: Fix lost destroy smbd connection when MR allocate failed If the MR allocate failed, the smb...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010701)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010701 advisory. An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2TREECONNECT...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010754)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010754 advisory. An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2handlenegotiate error...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010738)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010738 advisory. The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011392)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011392 advisory. A use-after-free flaw was found in smb2isstatusiotimeout in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local...