{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-31609","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-03-09T15:48:24.122Z","datePublished":"2026-04-24T14:42:30.797Z","dateUpdated":"2026-04-27T14:04:22.299Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-04-27T14:04:22.299Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush()\n\nsmbd_send_batch_flush() already calls smbd_free_send_io(),\nso we should not call it again after smbd_post_send()\nmoved it to the batch list."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL"}}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/smb/client/smbdirect.c"],"versions":[{"version":"cca0526ef2344cab6944d7f441fc24e152da031b","lessThan":"a9940dcbe5cb92482c04efc7341039ddf7dbf607","status":"affected","versionType":"git"},{"version":"37b5c06956183b65e6808b509cf637632016cdf7","lessThan":"22b7c1c619d808aec4cad3dc42103345e370d107","status":"affected","versionType":"git"},{"version":"21538121efe6c8c5b51c742fa02cbe820bc48714","lessThan":"f9a162c2bbcd0ac85bd07c5b37cf20286048b65c","status":"affected","versionType":"git"},{"version":"21538121efe6c8c5b51c742fa02cbe820bc48714","lessThan":"27b7c3e916218b5eb2ee350211140e961bfc49be","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/smb/client/smbdirect.c"],"versions":[{"version":"7.0","status":"affected"},{"version":"0","lessThan":"7.0","status":"unaffected","versionType":"semver"},{"version":"6.18.24","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.14","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0.1","lessThanOrEqual":"7.0.*","status":"unaffected","versionType":"semver"},{"version":"7.1-rc1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.11","versionEndExcluding":"6.18.24"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19.1","versionEndExcluding":"6.19.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0","versionEndExcluding":"7.0.1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0","versionEndExcluding":"7.1-rc1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/a9940dcbe5cb92482c04efc7341039ddf7dbf607"},{"url":"https://git.kernel.org/stable/c/22b7c1c619d808aec4cad3dc42103345e370d107"},{"url":"https://git.kernel.org/stable/c/f9a162c2bbcd0ac85bd07c5b37cf20286048b65c"},{"url":"https://git.kernel.org/stable/c/27b7c3e916218b5eb2ee350211140e961bfc49be"}],"title":"smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush()","x_generator":{"engine":"bippy-1.2.0"}}}}