In the Linux kernel, the following vulnerability has been resolved:
smb: server: make use of smbdirectsocket.sendio.bcredits
It turns out that our code will corrupt the stream of reassabled data transfer messages when we trigger an immendiate (empty) send.
In order to fix this we'll have a single 'batch' credit per connection. And code getting that credit is free to use as much messages until remaining_length reaches 0, then the batch credit it given back and the next logical send can happen.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31537.json",
"cna_assigner": "Linux"
}