7.5 / 10 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
In the Linux kernel, the following vulnerability has been resolved:
smb: server: make use of smbdirect_socket.recv_io.credits.available
The logic of managing recv credits by counting posted recv_io and
granted credits is racy.
That's because the peer might have already consumed a credit,
but between receiving the incoming recv at the hardware
and processing the completion in the 'recv_done' functions
we likely have a window where we grant credits, which
don't really exist.
So we better have a dedicated counter for the
available credits, which will be incremented
when we posted new recv buffers and drained when
we grant the credits to the peer.
This fixes the regression Namjae reported with
the 6.18 release.
Basic Information
ID: CVE-2026-31538
Source: Linux
Published: Apr 24, 2026 at 14:30
Modified: Apr 27, 2026 at 14:03
Affected Product
Vendor: Linux
Product: Linux
Version: 89b021a72663c4d96d8a8b85272bb42d991a1c6f
Affected Versions
Linux Linux 89b021a72663c4d96d8a8b85272bb42d991a1c6f
Linux Linux 6.18