HIGH · CVE-2026-31409 · Published · Modified · CNA Linux

CVE-2026-31409: ksmbd: unset conn->binding on failed binding request

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: unset conn->binding on failed binding request

When a multichannel SMB2_SESSION_SETUP request with SMB2_SESSION_REQ_FLAG_BINDING fails, ksmbd sets conn->binding = true but never clears it on the error path. This leaves the connection in a binding state where all subsequent ksmbd_session_lookup_all() calls fall back to the global sessions table. This fixes it by clearing conn->binding = false in the error path.

Metrics

CVSS v3.1: 8.8
Severity: HIGH
Fixed in: 0
Affected Products: 2

Fix available

Affected packages
  • Linux / Linux
    < d073870dab8f6dadced81d13d273ff0b21cb7f4e (from f5a544e3bab78142207e0242d22442db85ba1eff) · < 6ebef4a220a1ebe345de899ebb9ae394206fe921 (from f5a544e3bab78142207e0242d22442db85ba1eff) · < 89afe5e2dbea6e9d8e5f11324149d06fa3a4efca (from f5a544e3bab78142207e0242d22442db85ba1eff) · < 9feb2d1bf86d9e5e66b8565f37f8d3a7d281a772 (from f5a544e3bab78142207e0242d22442db85ba1eff) · < 6260fc85ed1298a71d24a75d01f8b2e56d489a60 (from f5a544e3bab78142207e0242d22442db85ba1eff) · < 282343cf8a4a5a3603b1cb0e17a7083e4a593b03 (from f5a544e3bab78142207e0242d22442db85ba1eff)
  • Linux / Linux
    5.15
    Fixed in 0, 6.1.167, 6.6.130, 6.12.78, 6.18.20, 6.19.10, 7.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H