Home / Vulnerability Intelligence / CVE-2026-31608

CVE-2026-31608 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: April 27, 2026

Linux Kernel SMB Server - Denial of Service

Published: April 24, 2026Updated: April 27, 2026Remote Exploitable

Overview

Linux kernel contains a double-free vulnerability in smb_direct_free_sendmsg after smb_direct_flush_send_list, caused by redundant free calls in SMB server code, letting attackers cause denial of service, exploit requires crafted SMB messages.

Severity & Score

Severity: Critical

CVSS Score: 9.8

Impact

Attackers can cause denial of service by triggering a double-free, potentially crashing the system or kernel.

Mitigation

Update to the latest Linux kernel version containing the fix.

References

https://git.kernel.org/stable/c/2ba03f46132b0d1a7bafb86e1ef61951a2254023
https://git.kernel.org/stable/c/6968c91fab05b8fc4d6700e0cf34472bb422df25
https://git.kernel.org/stable/c/830de6eeb9db4cb7e758201fb99328ef4ca4b032
https://git.kernel.org/stable/c/84ff995ae826aa6bbcc6c7b9ea569ff67c021d72

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-31608
Severity: Critical
CVSS Score: 9.8
Type: undefined
Status: unconfirmed

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H