In the Linux kernel, the following vulnerability has been resolved:

ksmbd: unset conn->binding on failed binding request

When a multichannel SMB2_SESSION_SETUP request with
SMB2_SESSION_REQ_FLAG_BINDING fails ksmbd sets conn->binding = true
but never clears it on the error path. This leaves the connection in
a binding state where all subsequent ksmbd_session_lookup_all() calls
fall back to the global sessions table. This fix it by clearing
conn->binding = false in the error path.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0001.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Linux Linux unaffected
Version Status Constraints
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 affected < d073870dab8f6dadced81d13d273ff0b21cb7f4e
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 affected < 6ebef4a220a1ebe345de899ebb9ae394206fe921
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 affected < 89afe5e2dbea6e9d8e5f11324149d06fa3a4efca
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 affected < 9feb2d1bf86d9e5e66b8565f37f8d3a7d281a772
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 affected < 6260fc85ed1298a71d24a75d01f8b2e56d489a60
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 affected < 282343cf8a4a5a3603b1cb0e17a7083e4a593b03
Linux Linux affected
Version Status Constraints
6.1.167 unaffected ≤ 6.1.*
6.6.130 unaffected ≤ 6.6.*
6.12.78 unaffected ≤ 6.12.*
6.18.20 unaffected ≤ 6.18.*
6.19.10 unaffected ≤ 6.19.*
7.0-rc5 unaffected ≤ *

No data.

No data.

No data.

Project Subscriptions

Vendors Products
Linux Subscribe
Linux Kernel Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/282343cf8a4a5a3603b1cb0e17a7083e4a593b03 cve-icon cve-icon
https://git.kernel.org/stable/c/6260fc85ed1298a71d24a75d01f8b2e56d489a60 cve-icon cve-icon
https://git.kernel.org/stable/c/6ebef4a220a1ebe345de899ebb9ae394206fe921 cve-icon cve-icon
https://git.kernel.org/stable/c/89afe5e2dbea6e9d8e5f11324149d06fa3a4efca cve-icon cve-icon
https://git.kernel.org/stable/c/9feb2d1bf86d9e5e66b8565f37f8d3a7d281a772 cve-icon cve-icon
https://git.kernel.org/stable/c/d073870dab8f6dadced81d13d273ff0b21cb7f4e cve-icon cve-icon
History

Mon, 06 Apr 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset conn->binding on failed binding request When a multichannel SMB2_SESSION_SETUP request with SMB2_SESSION_REQ_FLAG_BINDING fails ksmbd sets conn->binding = true but never clears it on the error path. This leaves the connection in a binding state where all subsequent ksmbd_session_lookup_all() calls fall back to the global sessions table. This fix it by clearing conn->binding = false in the error path.
Title ksmbd: unset conn->binding on failed binding request
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-06T07:38:21.223Z

Reserved: 2026-03-09T15:48:24.087Z

Link: CVE-2026-31409

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-06T08:16:38.943

Modified: 2026-04-06T08:16:38.943

Link: CVE-2026-31409

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses

No weakness.