Skip to main content

Linux Kernel CVE-2026-31537

| EUVDEUVD-2026-25430 MEDIUM
2026-04-24 Linux GHSA-2996-rjmh-m244
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
Apr 28, 2026 - 19:22 vuln.today
CVSS changed
Apr 28, 2026 - 19:22 NVD
5.5 (MEDIUM)
Patch released
Apr 28, 2026 - 19:09 nvd
Patch available
Patch available
Apr 24, 2026 - 16:01 EUVD
EUVD ID Assigned
Apr 24, 2026 - 15:00 euvd
EUVD-2026-25430
Analysis Generated
Apr 24, 2026 - 15:00 vuln.today
CVE Published
Apr 24, 2026 - 14:30 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

smb: server: make use of smbdirect_socket.send_io.bcredits

It turns out that our code will corrupt the stream of reassabled data transfer messages when we trigger an immendiate (empty) send.

In order to fix this we'll have a single 'batch' credit per connection. And code getting that credit is free to use as much messages until remaining_length reaches 0, then the batch credit it given back and the next logical send can happen.

AnalysisAI

Denial of service in Linux kernel SMB server implementation allows local authenticated users to crash the system by triggering data stream corruption through improper credit management in smbdirect socket operations. The vulnerability affects kernel versions prior to 6.18.11, 6.19.1, and 7.0, and requires local access with limited privileges to exploit.

Technical ContextAI

The vulnerability exists in the Linux kernel's SMB server implementation, specifically in the smbdirect socket credit management mechanism. The smbdirect protocol uses credit-based flow control to manage data transfer between client and server. The flaw occurs when the kernel fails to properly synchronize batch credits for reassembled data transfer messages, allowing immediate empty sends to corrupt the message stream. The underlying issue is improper handling of the send_io.bcredits field in smbdirect_socket structures, which maintains per-connection credit allocation for message batching. This is a local denial of service condition affecting the SMB server component of the kernel.

RemediationAI

Update the Linux kernel to version 6.18.11, 6.19.1, 7.0 or later, depending on the currently deployed stable series. Patched versions are available directly from kernel.org stable repositories at https://git.kernel.org/stable/. For systems unable to immediately patch, disable SMB server services (smbd daemon) if not actively required using systemctl disable smbd && systemctl stop smbd, which eliminates the attack surface entirely. Network-level isolation of SMB ports (445/TCP) to trusted clients only provides partial mitigation but does not address local authentication attacks. Kernel updates may require system restart to take effect; plan maintenance windows accordingly. Organizations running SMB server functionality should prioritize patching within normal patch cycles rather than emergency timelines due to the low exploitation risk demonstrated by EPSS scoring.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-31537 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy