CVE-2026-31409

April 7, 2026, 1:20 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset conn->binding on failed binding request When a multichannel SMB2_SESSION_SETUP request with SMB2_SESSION_REQ_FLAG_BINDING fails ksmbd sets conn->binding = true but never clears it on the error path. This leaves the connection in a binding state where all subsequent ksmbd_session_lookup_all() calls fall back to the global sessions table. This fix it by clearing conn->binding = false in the error path.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *
Smb
  • Smb2
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a linux linux_kernel / / / / / / / /
a smb smb2 / / / / / / / /

References

https://git.kernel.org/stable/c/282343cf8a4a5a3603b1cb0e17a7083e4a593b03
https://git.kernel.org/stable/c/6260fc85ed1298a71d24a75d01f8b2e56d489a60
https://git.kernel.org/stable/c/6ebef4a220a1ebe345de899ebb9ae394206fe921
https://git.kernel.org/stable/c/89afe5e2dbea6e9d8e5f11324149d06fa3a4efca
https://git.kernel.org/stable/c/9feb2d1bf86d9e5e66b8565f37f8d3a7d281a772
https://git.kernel.org/stable/c/d073870dab8f6dadced81d13d273ff0b21cb7f4e

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2026-04-06
CVE-2026-31409

Timeline

Published: April 6, 2026, 8:16 a.m.
Last Modified: April 7, 2026, 1:20 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.