Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-04-24T00:00:00 kernel: smb: client: make use of smbdirect_socket.recv_io.credits.available 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CWE-367

In the Linux kernel, the following vulnerability has been resolved: smb: client: make use of smbdirect_socket.recv_io.credits.available The logic off managing recv credits by counting posted recv_io and granted credits is racy. That's because the peer might already consumed a credit, but between receiving the incoming recv at the hardware and processing the completion in the 'recv_done' functions we likely have a window where we grant credits, which don't really exist. So we better have a decicated counter for the available credits, which will be incremented when we posted new recv buffers and drained when we grant the credits to the peer.

A flaw was found in the Linux kernel. A race condition exists in the SMB client's receive credit management, specifically in how `smbdirect_socket.recv_io.credits.available` are handled. This could lead to incorrect credit allocation, potentially causing instability or unexpected behavior within the system.

This flaw concerns SMB Direct credit accounting in the CIFS client; races could corrupt credits and destabilize I/O. Red Hat aligns with upstream MODERATE handling and will ship the fix via kernel maintenance. Workloads using SMB multichannel/Direct should plan for updates. To mitigate this issue, prevent the cifs module from being loaded. See https://access.redhat.com/solutions/41278 for instructions. Red Hat Enterprise Linux 10 Fix deferred kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Fix deferred kernel Red Hat Enterprise Linux 7 Fix deferred kernel-rt Red Hat Enterprise Linux 8 Fix deferred kernel Red Hat Enterprise Linux 8 Fix deferred kernel-rt Red Hat Enterprise Linux 9 Fix deferred kernel Red Hat Enterprise Linux 9 Fix deferred kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-31535 https://nvd.nist.gov/vuln/detail/CVE-2026-31535 https://lore.kernel.org/linux-cve-announce/2026042433-CVE-2026-31535-1c83@gregkh/T