Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-04-24T00:00:00 kernel: smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush() 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CWE-1341

In the Linux kernel, the following vulnerability has been resolved: smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush() smbd_send_batch_flush() already calls smbd_free_send_io(), so we should not call it again after smbd_post_send() moved it to the batch list.

A flaw was found in the Linux kernel's Server Message Block (SMB) client. This vulnerability, a double-free, occurs in the `smbd_free_send_io()` function after `smbd_send_batch_flush()` has already freed the memory. This memory corruption can lead to a denial of service (DoS) for the affected system.

SMB Direct batch flush could double-free send I/O structures; upstream orders frees correctly. Red Hat recommends patched kernels for SMB client users leveraging RDMA/Direct. Unload `cifs` where SMB client access is not needed. To mitigate this issue, prevent the cifs module from being loaded. See https://access.redhat.com/solutions/41278 for instructions. Red Hat Enterprise Linux 10 Fix deferred kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Fix deferred kernel Red Hat Enterprise Linux 7 Fix deferred kernel-rt Red Hat Enterprise Linux 8 Fix deferred kernel Red Hat Enterprise Linux 8 Fix deferred kernel-rt Red Hat Enterprise Linux 9 Fix deferred kernel Red Hat Enterprise Linux 9 Fix deferred kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-31609 https://nvd.nist.gov/vuln/detail/CVE-2026-31609 https://lore.kernel.org/linux-cve-announce/2026042421-CVE-2026-31609-fc3f@gregkh/T