CVE-2026-31444

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The smb grant oplock() function in ksmbd contains two issues. First, a use-after-free occurs when opinfo is linked into ci->m op list before add lease global list() is called; if the latter fails, the error path frees opinfo while it remains linked, leading concurrent readers to dereference the freed node. Second, a NULL dereference occurs because opinfo->o fp is assigned after add lease global list() publishes opinfo on the global lease list, allowing find same lease key() to dereference opinfo->o fp->f ci while o fp is still NULL.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.