8.8
CVE-2026-31409
- EPSS 0.45%
- Veröffentlicht 06.04.2026 08:16:38
- Zuletzt bearbeitet 01.06.2026 17:16:46
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
ksmbd: unset conn->binding on failed binding request
In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset conn->binding on failed binding request When a multichannel SMB2_SESSION_SETUP request with SMB2_SESSION_REQ_FLAG_BINDING fails ksmbd sets conn->binding = true but never clears it on the error path. This leaves the connection in a binding state where all subsequent ksmbd_session_lookup_all() calls fall back to the global sessions table. This fix it by clearing conn->binding = false in the error path.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.15 < 6.1.167
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.130
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.78
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.20
Linux ≫ Linux Kernel Version >= 6.19 < 6.19.10
Linux ≫ Linux Kernel Version7.0 Updaterc1
Linux ≫ Linux Kernel Version7.0 Updaterc2
Linux ≫ Linux Kernel Version7.0 Updaterc3
Linux ≫ Linux Kernel Version7.0 Updaterc4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.45% | 0.359 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
https://git.kernel.org/stable/c/282343cf8a4a5a3603b1cb0e17a7083e4a593b03
https://git.kernel.org/stable/c/6260fc85ed1298a71d24a75d01f8b2e56d489a60
https://git.kernel.org/stable/c/6ebef4a220a1ebe345de899ebb9ae394206fe921
https://git.kernel.org/stable/c/89afe5e2dbea6e9d8e5f11324149d06fa3a4efca
https://git.kernel.org/stable/c/9feb2d1bf86d9e5e66b8565f37f8d3a7d281a772
https://git.kernel.org/stable/c/d073870dab8f6dadced81d13d273ff0b21cb7f4e
https://git.kernel.org/stable/c/7e8b270813079c785696bce8802a3f920665c88c