CVE-2026-31609CRITICAL 9.8EPSS p36.2%

CVE-2026-31609CVE-2026-31609

Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush() smbd_send_batch_flush() already calls smbd_free_send_io(), so we should not call it again after smbd_post_send() moved it to the batch list.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.46% probability of exploitation · percentile 36.2% · 2026-06-18T12:00:27Z
Published2026-04-24
Last modified2026-04-29

Underlying weaknesses· 1

CWE-415

References

  1. https://git.kernel.org/stable/c/22b7c1c619d808aec4cad3dc42103345e370d107
  2. https://git.kernel.org/stable/c/27b7c3e916218b5eb2ee350211140e961bfc49be
  3. https://git.kernel.org/stable/c/a9940dcbe5cb92482c04efc7341039ddf7dbf607
  4. https://git.kernel.org/stable/c/f9a162c2bbcd0ac85bd07c5b37cf20286048b65c

1

TypeTargetConfidenceTier
WeaknessDouble Freecwe-4150%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-31608
CVE
CVE-2026-31536
CVE
CVE-2026-23228
CVE
CVE-2026-31409
CVE
CVE-2026-31612
CVE
CVE-2024-35865
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.