CVE-2026-31409
Published: Apr 6, 2026
Modified: Jun 1, 2026
CVSS v3.1
8.8
Description
In the Linux kernel, the following vulnerability has been resolved:

ksmbd: unset conn->binding on failed binding request

When a multichannel SMB2_SESSION_SETUP request with SMB2_SESSION_REQ_FLAG_BINDING fails, ksmbd sets conn->binding = true but never clears it on the error path. This leaves the connection in a binding state where all subsequent ksmbd_session_lookup_all() calls fall back to the global sessions table.

Fix this by clearing conn->binding = false in the error path.

| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected f5a544e3bab78142207e0242d22442db85ba1eff - < 7e8b270813079c785696bce8802a3f920665c88c; affected f5a544e3bab78142207e0242d22442db85ba1eff - < d073870dab8f6dadced81d13d273ff0b21cb7f4e; affected f5a544e3bab78142207e0242d22442db85ba1eff - < 6ebef4a220a1ebe345de899ebb9ae394206fe921; affected f5a544e3bab78142207e0242d22442db85ba1eff - < 89afe5e2dbea6e9d8e5f11324149d06fa3a4efca; affected f5a544e3bab78142207e0242d22442db85ba1eff - < 9feb2d1bf86d9e5e66b8565f37f8d3a7d281a772; +2 more versions |
| Linux | Linux | affected 5.15; unaffected 0 - < 5.15; unaffected 5.15.209 - <= 5.15.*; unaffected 6.1.167 - <= 6.1.*; unaffected 6.6.130 - <= 6.6.*; +4 more versions |

CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High