CVE-2026-31538

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 24/04/2026
Last modified: 28/04/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

smb: server: make use of smbdirect_socket.recv_io.credits.available

The logic of managing recv credits by counting posted recv_io and granted credits is racy.

That's because the peer might have already consumed a credit, but between receiving the incoming recv at the hardware and processing the completion in the 'recv_done' functions we likely have a window where we grant credits, which don't really exist.

So we better have a dedicated counter for the available credits, which will be incremented when we posted new recv buffers and drained when we grant the credits to the peer.

This fixes regression Namjae reported with the 6.18 release.

Vulnerable products and versions

CPE                                             From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.18 (including)   6.18.11 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.19 (including)   6.19.1 (excluding)