CVE-2026-31609 — Vulnetix

CVE-2026-31609 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush() smbd_send_batch_flush() already calls smbd_free_send_io(), so we should not call it again after smbd_post_send() moved it to the batch list.

EPSS 0.07% · 20.7th percentile

Risk Scores

EPSS Score

0.07%

20.7th percentile

Affected Products

Vendor	Product	Versions
Linux	Linux	*, 6.18.24, 6.19.14
linux	linux_kernel	0, 0, 0

Timeline

Apr 24, 2026 CVE Published
Apr 24, 2026 Security Advisory
Apr 27, 2026 Security Advisory
Apr 29, 2026 CVE Updated
May 18, 2026 EPSS Score
May 19, 2026 EPSS Score
May 20, 2026 EPSS Score
May 21, 2026 EPSS Score
May 22, 2026 EPSS Score
May 23, 2026 EPSS Score
May 24, 2026 EPSS Score
May 25, 2026 EPSS Score

References

https://git.kernel.org/stable/c/a9940dcbe5cb92482c04efc7341039ddf7dbf607 url
https://git.kernel.org/stable/c/22b7c1c619d808aec4cad3dc42103345e370d107 url
https://git.kernel.org/stable/c/f9a162c2bbcd0ac85bd07c5b37cf20286048b65c url
https://nvd.nist.gov/vuln/detail/CVE-2026-31609 advisory

Open in Interactive Console →