CVE-2026-31711

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A leak of the active num conn counter occurs in the ksmbd tcp new connection() function when alloc transport() fails. An unauthenticated remote attacker can trigger this by initiating TCP connections to port 445 or by creating memory pressure using connections with large RFC1002 lengths up to MAX STREAM PROT LEN. Because the counter is incremented in ksmbd kthread fn() but not decremented upon allocation failure, each failure permanently consumes a slot from the max connections pool. Once the threshold is reached, all subsequent connection attempts are rejected until the module is reloaded.

Recommendations Decrement active num conn on the alloc transport() failure path, gated on server conf.max connections.