Linux Kernel ksmbd: Clearing binding flag on failed session setup
CVE-2026-31409 Published on April 6, 2026
ksmbd: unset conn->binding on failed binding request
In the Linux kernel, the following vulnerability has been resolved:
When a multichannel SMB2_SESSION_SETUP request with
SMB2_SESSION_REQ_FLAG_BINDING fails, ksmbd sets conn->binding = true
but never clears it on the error path. This leaves the connection in
a binding state where all subsequent ksmbd_session_lookup_all() calls
fall back to the global sessions table. This fixes it by clearing
conn->binding = false in the error path.
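The stale-flag pattern described above, as an added user-space model rather than ksmbd source: the struct layout, function names and the session id 0x1001 are constructed for illustration, and only the conn->binding flag and the fallback to a global table come from the description.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified user-space model, not ksmbd source; all names are hypothetical. */
#define NSESS 4
struct session { unsigned long long id; bool in_use; };
struct conn {
    bool binding;                 /* models conn->binding */
    struct session local[NSESS];  /* sessions registered on this connection */
};
static struct session global_sessions[NSESS]; /* models the global sessions table */

static struct session *find(struct session *tbl, unsigned long long id)
{
    for (size_t i = 0; i < NSESS; i++)
        if (tbl[i].in_use && tbl[i].id == id)
            return &tbl[i];
    return NULL;
}

/* Per-connection lookup first; the global table is consulted only while binding. */
static struct session *lookup_all(struct conn *c, unsigned long long id)
{
    struct session *s = find(c->local, id);
    return (!s && c->binding) ? find(global_sessions, id) : s;
}

/* A binding SESSION_SETUP that fails; `patched` selects the fixed error path. */
static int failed_binding_setup(struct conn *c, bool patched)
{
    c->binding = true;            /* set when the binding request is processed */
    if (patched)
        c->binding = false;       /* the fix: clear the flag on the error path */
    return -1;                    /* request rejected either way */
}

/* After a failed bind, does the connection still fall back to the global table? */
static bool global_reachable_after_failure(bool patched)
{
    struct conn c = {0};
    global_sessions[0] = (struct session){ .id = 0x1001, .in_use = true }; /* constructed id */
    failed_binding_setup(&c, patched);
    return lookup_all(&c, 0x1001) != NULL;
}

int main(void)
{
    printf("unpatched: %d, patched: %d\n",
           global_reachable_after_failure(false), global_reachable_after_failure(true));
    return 0;
}
```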
Products Associated with CVE-2026-31409
Affected Versions
Linux:
- Versions from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 up to, but not including, d073870dab8f6dadced81d13d273ff0b21cb7f4e are affected.
- Versions from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 up to, but not including, 6ebef4a220a1ebe345de899ebb9ae394206fe921 are affected.
- Versions from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 up to, but not including, 89afe5e2dbea6e9d8e5f11324149d06fa3a4efca are affected.
- Versions from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 up to, but not including, 9feb2d1bf86d9e5e66b8565f37f8d3a7d281a772 are affected.
- Versions from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 up to, but not including, 6260fc85ed1298a71d24a75d01f8b2e56d489a60 are affected.
- Versions from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 up to, but not including, 282343cf8a4a5a3603b1cb0e17a7083e4a593b03 are affected.
- Versions from 6.1.167 through 6.1.* are unaffected.
- Versions from 6.6.130 through 6.6.* are unaffected.
- Versions from 6.12.78 through 6.12.* are unaffected.
- Versions from 6.18.20 through 6.18.* are unaffected.
- Versions from 6.19.10 through 6.19.* are unaffected.
- Versions from 7.0-rc5 onward are unaffected.