CVE-2026-31535

EUVD-2026-25428

24.04.2026, 15:16

In the Linux kernel, the following vulnerability has been resolved:

smb: client: make use of smbdirect_socket.recv_io.credits.available

The logic off managing recv credits by counting posted recv_io and
granted credits is racy.

That's because the peer might already consumed a credit,
but between receiving the incoming recv at the hardware
and processing the completion in the 'recv_done' functions
we likely have a window where we grant credits, which
don't really exist.

So we better have a decicated counter for the
available credits, which will be incremented
when we posted new recv buffers and drained when
we grant the credits to the peer.

TOCTOU

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.7 MEDIUM	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 2%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	6.18 ≤ 𝑥 < 6.18.11
linux	linux_kernel	6.19 ≤ 𝑥 < 6.19.1

𝑥

= Vulnerable software versions

Amazon Linux Releases

Amazon Package

Release

bpftool6.18

Amazon Linux 2023

1:6.18.15-14.217.amzn2023

fixed

bpftool6.18-debuginfo

Amazon Linux 2023

1:6.18.15-14.217.amzn2023

fixed

kernel-livepatch-6.18.15-14.217

Amazon Linux 2023

1:1.0-0.amzn2023

fixed

kernel6.18

Amazon Linux 2023

1:6.18.15-14.217.amzn2023

fixed

kernel6.18-debuginfo

Amazon Linux 2023

1:6.18.15-14.217.amzn2023

fixed

kernel6.18-debuginfo-common-aarch64

Amazon Linux 2023

1:6.18.15-14.217.amzn2023

fixed

kernel6.18-debuginfo-common-x86_64

Amazon Linux 2023

1:6.18.15-14.217.amzn2023

fixed

kernel6.18-devel

Amazon Linux 2023

1:6.18.15-14.217.amzn2023

fixed

kernel6.18-headers

Amazon Linux 2023

1:6.18.15-14.217.amzn2023

fixed

kernel6.18-libbpf

Amazon Linux 2023

1:6.18.15-14.217.amzn2023

fixed

kernel6.18-libbpf-debuginfo

Amazon Linux 2023

1:6.18.15-14.217.amzn2023

fixed

kernel6.18-libbpf-devel

Amazon Linux 2023

1:6.18.15-14.217.amzn2023

fixed

kernel6.18-libbpf-static

Amazon Linux 2023

1:6.18.15-14.217.amzn2023

fixed

kernel6.18-modules-extra

Amazon Linux 2023

1:6.18.15-14.217.amzn2023

fixed

kernel6.18-modules-extra-common

Amazon Linux 2023

1:6.18.15-14.217.amzn2023

fixed

kernel6.18-tools

Amazon Linux 2023

1:6.18.15-14.217.amzn2023

fixed

kernel6.18-tools-debuginfo

Amazon Linux 2023

1:6.18.15-14.217.amzn2023

fixed

kernel6.18-tools-devel

Amazon Linux 2023

1:6.18.15-14.217.amzn2023

fixed

perf6.18

Amazon Linux 2023

1:6.18.15-14.217.amzn2023

fixed

perf6.18-debuginfo

Amazon Linux 2023

1:6.18.15-14.217.amzn2023

fixed

python3-perf6.18

Amazon Linux 2023

1:6.18.15-14.217.amzn2023

fixed

python3-perf6.18-debuginfo

Amazon Linux 2023

1:6.18.15-14.217.amzn2023

fixed

Common Weakness Enumeration

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
The software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um nicht näher spezifizierte Angriffe durchzuführen, welche zu einem Denial-of-Service-Zustand, einer Rechteausweitung, der Ausführung von Code oder einer Speicherbeschädigung führen könnten.
Published: 2026-04-26T22:00:00+00:00

References

https://git.kernel.org/stable/c/9911b1ed187a770a43950bf51f340ad4b7beecba

https://git.kernel.org/stable/c/be8845ad5d6558703d20567d8702155598325db8

https://git.kernel.org/stable/c/f664e6e8a81103cb45c8802a9bc7499e0902c458