CVE-2026-31409

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the ksmbd module. Specifically, when a multichannel SMB2 SESSION SETUP request with SMB2 SESSION REQ FLAG BINDING fails, the conn->binding flag is incorrectly set to true and not cleared in the error path. This results in the connection remaining in a binding state, causing subsequent ksmbd session lookup all() calls to default to the global sessions table.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.