{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-31409","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-03-09T15:48:24.087Z","datePublished":"2026-04-06T07:38:21.223Z","dateUpdated":"2026-05-11T22:08:09.135Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:08:09.135Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: unset conn->binding on failed binding request\n\nWhen a multichannel SMB2_SESSION_SETUP request with\nSMB2_SESSION_REQ_FLAG_BINDING fails ksmbd sets conn->binding = true\nbut never clears it on the error path. This leaves the connection in\na binding state where all subsequent ksmbd_session_lookup_all() calls\nfall back to the global sessions table. This fix it by clearing\nconn->binding = false in the error path."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH"}}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/smb/server/smb2pdu.c"],"versions":[{"version":"f5a544e3bab78142207e0242d22442db85ba1eff","lessThan":"d073870dab8f6dadced81d13d273ff0b21cb7f4e","status":"affected","versionType":"git"},{"version":"f5a544e3bab78142207e0242d22442db85ba1eff","lessThan":"6ebef4a220a1ebe345de899ebb9ae394206fe921","status":"affected","versionType":"git"},{"version":"f5a544e3bab78142207e0242d22442db85ba1eff","lessThan":"89afe5e2dbea6e9d8e5f11324149d06fa3a4efca","status":"affected","versionType":"git"},{"version":"f5a544e3bab78142207e0242d22442db85ba1eff","lessThan":"9feb2d1bf86d9e5e66b8565f37f8d3a7d281a772","status":"affected","versionType":"git"},{"version":"f5a544e3bab78142207e0242d22442db85ba1eff","lessThan":"6260fc85ed1298a71d24a75d01f8b2e56d489a60","status":"affected","versionType":"git"},{"version":"f5a544e3bab78142207e0242d22442db85ba1eff","lessThan":"282343cf8a4a5a3603b1cb0e17a7083e4a593b03","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/smb/server/smb2pdu.c"],"versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","status":"unaffected","versionType":"semver"},{"version":"6.1.167","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.130","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.78","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.20","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.10","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.1.167"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.6.130"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.12.78"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.18.20"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.19.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"7.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/d073870dab8f6dadced81d13d273ff0b21cb7f4e"},{"url":"https://git.kernel.org/stable/c/6ebef4a220a1ebe345de899ebb9ae394206fe921"},{"url":"https://git.kernel.org/stable/c/89afe5e2dbea6e9d8e5f11324149d06fa3a4efca"},{"url":"https://git.kernel.org/stable/c/9feb2d1bf86d9e5e66b8565f37f8d3a7d281a772"},{"url":"https://git.kernel.org/stable/c/6260fc85ed1298a71d24a75d01f8b2e56d489a60"},{"url":"https://git.kernel.org/stable/c/282343cf8a4a5a3603b1cb0e17a7083e4a593b03"}],"title":"ksmbd: unset conn->binding on failed binding request","x_generator":{"engine":"bippy-1.2.0"}}}}