Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset conn->binding on failed binding request When a multichannel SMB2_SESSION_SETUP request with SMB2_SESSION_REQ_FLAG_BINDING fails ksmbd sets conn->binding = true but never clears it on the error path. This leaves the connection in a binding state where all subsequent ksmbd_session_lookup_all() calls fall back to the global sessions table. This fix it by clearing conn->binding = false in the error path.

INFO

Published Date :

2026-04-06T07:38:21.223Z

Last Modified :

2026-04-27T14:02:56.938Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2026-31409 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-31409.

URL Resource
https://git.kernel.org/stable/c/282343cf8a4a5a3603b1cb0e17a7083e4a593b03 cve-icon cve-icon
https://git.kernel.org/stable/c/6260fc85ed1298a71d24a75d01f8b2e56d489a60 cve-icon cve-icon
https://git.kernel.org/stable/c/6ebef4a220a1ebe345de899ebb9ae394206fe921 cve-icon cve-icon
https://git.kernel.org/stable/c/89afe5e2dbea6e9d8e5f11324149d06fa3a4efca cve-icon cve-icon
https://git.kernel.org/stable/c/9feb2d1bf86d9e5e66b8565f37f8d3a7d281a772 cve-icon cve-icon
https://git.kernel.org/stable/c/d073870dab8f6dadced81d13d273ff0b21cb7f4e cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026040629-CVE-2026-31409-d22c@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-31409 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-31409 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact