Description
In the Linux kernel, the following vulnerability has been resolved:

smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list()

smb_direct_flush_send_list() already calls smb_direct_free_sendmsg(),
so we should not call it again after post_sendmsg()
moved it to the batch list.
Published: 2026-04-24
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A double-free bug in the Linux kernel SMB server is triggered when smb_direct_free_sendmsg() is called twice on the same send message: once by smb_direct_flush_send_list() and again after post_sendmsg() has moved the message to the batch list. This flaw, identified as CWE-1341 and CWE-415, can corrupt kernel memory structures, although the advisory text does not mention any observed crashes or exploitation. The fix drops the second call, since smb_direct_flush_send_list() already frees the message.

Affected Systems

The issue affects Linux kernel releases that do not yet contain the referenced commits, as indicated by the Git commit links in the advisory. Administrators should verify that the running kernel includes the fix from the listed commits; otherwise the system remains vulnerable.

Risk and Exploitability

The CVSS score of 9.8 underscores the criticality, while the EPSS value of <1% suggests a low likelihood of current exploitation. The double‑free occurs within the SMB protocol stack, so a likely attack vector would be an attacker sending malicious SMB packets to trigger the flaw. The vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on April 30, 2026 at 14:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest stable Linux kernel that includes the patch from the referenced Git commits to eliminate the double‑free error.
  • Reboot the host to load the updated kernel so that the SMB service runs the fixed code path.
  • If SMB is unnecessary, disable the service or restrict access to trusted hosts with firewall rules.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-415

Mon, 27 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Mon, 27 Apr 2026 11:30:00 +0000


Sat, 25 Apr 2026 00:15:00 +0000


Fri, 24 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list() smb_direct_flush_send_list() already calls smb_direct_free_sendmsg(), so we should not call it again after post_sendmsg() moved it to the batch list.
Title smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:12:06.013Z

Reserved: 2026-03-09T15:48:24.122Z

Link: CVE-2026-31608

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-04-24T15:16:40.063

Modified: 2026-04-29T20:03:44.060

Link: CVE-2026-31608

Redhat

Severity :

Public Date: 2026-04-24T00:00:00Z

Links: CVE-2026-31608 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-30T14:15:40Z

Weaknesses