UNKNOWNCVE-2026-31409
ksmbd: unset conn->binding on failed binding request
Platform
linux
Component
linux
Fixed in
d073870dab8f6dadced81d13d273ff0b21cb7f4e
In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset conn->binding on failed binding request When a multichannel SMB2_SESSION_SETUP request with SMB2_SESSION_REQ_FLAG_BINDING fails ksmbd sets conn->binding = true but never clears it on the error path. This leaves the connection in a binding state where all subsequent ksmbd_session_lookup_all() calls fall back to the global sessions table. This fix it by clearing conn->binding = false in the error path.
How to fix
Actualice el kernel de Linux a la versión 6.6.130 o posterior para corregir esta vulnerabilidad. La actualización corrige un error en el manejo de solicitudes de enlace en ksmbd, evitando que las conexiones fallen y potencialmente permitan el acceso no autorizado a recursos compartidos de archivos.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free