CVE-2026-31409

Source
https://cve.org/CVERecord?id=CVE-2026-31409
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31409.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-31409
Downstream
Published
2026-04-06T07:38:21.223Z
Modified
2026-07-15T01:49:16.795543689Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
ksmbd: unset conn->binding on failed binding request
Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: unset conn->binding on failed binding request

When a multichannel SMB2SESSIONSETUP request with SMB2SESSIONREQFLAGBINDING fails ksmbd sets conn->binding = true but never clears it on the error path. This leaves the connection in a binding state where all subsequent ksmbdsessionlookup_all() calls fall back to the global sessions table. This fix it by clearing conn->binding = false in the error path.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31409.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f5a544e3bab78142207e0242d22442db85ba1eff
Fixed
7e8b270813079c785696bce8802a3f920665c88c
Fixed
d073870dab8f6dadced81d13d273ff0b21cb7f4e
Fixed
6ebef4a220a1ebe345de899ebb9ae394206fe921
Fixed
89afe5e2dbea6e9d8e5f11324149d06fa3a4efca
Fixed
9feb2d1bf86d9e5e66b8565f37f8d3a7d281a772
Fixed
6260fc85ed1298a71d24a75d01f8b2e56d489a60
Fixed
282343cf8a4a5a3603b1cb0e17a7083e4a593b03

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31409.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.0
Fixed
5.15.209
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.167
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.130
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.78
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.20
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31409.json"