CVE-2026-31608CRITICAL 9.8EPSS p36.2%

CVE-2026-31608CVE-2026-31608

Description

In the Linux kernel, the following vulnerability has been resolved: smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list() smb_direct_flush_send_list() already calls smb_direct_free_sendmsg(), so we should not call it again after post_sendmsg() moved it to the batch list.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.46% probability of exploitation · percentile 36.2% · 2026-06-18T12:00:27Z
Published2026-04-24
Last modified2026-04-29

Underlying weaknesses· 1

CWE-415

References

  1. https://git.kernel.org/stable/c/2ba03f46132b0d1a7bafb86e1ef61951a2254023
  2. https://git.kernel.org/stable/c/6968c91fab05b8fc4d6700e0cf34472bb422df25
  3. https://git.kernel.org/stable/c/830de6eeb9db4cb7e758201fb99328ef4ca4b032
  4. https://git.kernel.org/stable/c/84ff995ae826aa6bbcc6c7b9ea569ff67c021d72

1

TypeTargetConfidenceTier
WeaknessDouble Freecwe-4150%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-31609
CVE
CVE-2026-31536
CVE
CVE-2026-23228
CVE
CVE-2024-35865
CVE
CVE-2026-31613
CVE
CVE-2026-31612
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.