In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirect_socket.send_io.bcredits It turns out that our code will corrupt the stream of reassabled data transfer messages when we trigger an immendiate (empty) send. In order to fix this we'll have a single 'batch' credit per connection. And code getting that credit is free to use as much messages until remaining_length reaches 0, then the batch credit it given back and the next logical send can happen.

A flaw was found in the Linux kernel's Server Message Block (SMB) server. An attacker could exploit this vulnerability by triggering an immediate (empty) send operation, which would corrupt the stream of reassembled data transfer messages. This corruption could lead to data integrity issues or potentially a denial of service.

Red Hat Enterprise Linux 10 Not affected kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Not affected kernel Red Hat Enterprise Linux 8 Not affected kernel-rt Red Hat Enterprise Linux 9 Not affected kernel Red Hat Enterprise Linux 9 Not affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-31537 https://nvd.nist.gov/vuln/detail/CVE-2026-31537 https://lore.kernel.org/linux-cve-announce/2026042434-CVE-2026-31537-6202@gregkh/T