CRITICAL🇵🇱 Wersja polska

CVE-2026-31609

CVSS 9.8v3.1pub. 2026-04-24upd. 2026-04-29

In the Linux kernel, the following vulnerability has been resolved: smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush() smbd_send_batch_flush() already calls smbd_free_send_io(), so we should not call it again after smbd_post_send() moved it to the batch list.

🤖 AI Analysis
How it works

The smbd_send_batch_flush() function independently calls smbd_free_send_io() to free input/output resources. After the operation is moved to the batch list by smbd_post_send(), smbd_free_send_io() is called again on the same object, resulting in double-free of the same memory. Such a memory management error can lead to heap corruption and system instability or arbitrary code execution.

Impact

An attacker can cause kernel memory corruption, which may in turn enable remote code execution (RCE), privilege escalation, or system crash (denial of service).

Mitigation & patch

Patches available from the vendor should be applied according to the references: commits 22b7c1c619d8, 27b7c3e91621, a9940dcbe5cb and f9a162c2bbcd available in the stable Linux kernel repository (git.kernel.org/stable).

Who is affected

Linux Kernel — versions indicated in vendor references (patches available at addresses in git.kernel.org references)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Linux Kernel

    OS
    Linux
    < 6.18.246.19 – 6.19.14 (bez)7.0 – 7.0.1 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP

CVE-2022-47986CRITICAL9.8⚠ KEVten sam produkt

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on t...

CVE-2022-22954CRITICAL9.8⚠ KEVten sam produkt

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-s...

CVE-2020-4006CRITICAL9.1⚠ KEVten sam produkt

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a...