PT-2026-36347 · Linux · Ksmbd
Published 2026-05-01 · Updated 2026-05-23
CVE-2026-31717
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel ksmbd (affected versions not specified)
Description
The ksmbd SMB server fails to verify that the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows an authenticated user to hijack an orphaned durable handle by predicting or brute-forcing the persistent ID. To address this, the server must ensure the SecurityContext of the reconnect request matches the SecurityContext associated with the existing open. The fix involves using a durable_owner structure within ksmbd_file to store the original opener's UID, GID, and account name, and implementing the ksmbd_vfs_compare_durable_owner() function to validate the requester's identity during SMB2 CREATE (DHnC).
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
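The owner comparison outlined in the Description, as an added userspace C sketch (not ksmbd source and not part of the advisory). The struct layout, the function names orphan_handle, owner_matches and reconnect, the return codes and the sample identities are assumptions made for illustration.

```c
/* Added illustration: userspace model of an owner check on durable reconnect.
 * Not ksmbd source; every type and function name below is hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 8
#define NAME_LEN 64
struct owner { uint32_t uid, gid; char name[NAME_LEN]; };
struct durable_open { uint64_t persistent_id; struct owner owner; int in_use; };
static struct durable_open table[SLOTS];   /* orphaned handles awaiting reconnect */

/* Capture the opener's identity at the moment the handle becomes orphaned. */
int orphan_handle(uint64_t id, uint32_t uid, uint32_t gid, const char *name) {
    if (!name || strlen(name) >= NAME_LEN) return -1;
    for (size_t i = 0; i < SLOTS; i++) {
        if (table[i].in_use) continue;
        table[i] = (struct durable_open){ .persistent_id = id, .owner = { .uid = uid, .gid = gid }, .in_use = 1 };
        strcpy(table[i].owner.name, name);  /* length checked above */
        return 0;
    }
    return -1;                              /* table full */
}

/* Returns 1 only when UID, GID and account name all match the stored owner. */
int owner_matches(const struct owner *o, uint32_t uid, uint32_t gid, const char *name) {
    return o->uid == uid && o->gid == gid && name && strcmp(o->name, name) == 0;
}

/* 0 = handle reclaimed, -1 = unknown persistent ID, -2 = owner mismatch. */
int reconnect(uint64_t id, uint32_t uid, uint32_t gid, const char *name) {
    for (size_t i = 0; i < SLOTS; i++) {
        if (!table[i].in_use || table[i].persistent_id != id) continue;
        if (!owner_matches(&table[i].owner, uid, gid, name))
            return -2;                      /* a valid ID alone is not sufficient */
        table[i].in_use = 0;                /* reclaimed: no longer orphaned */
        return 0;
    }
    return -1;
}

int main(void) {
    orphan_handle(0x1001, 1000, 1000, "alice");   /* constructed sample identity */
    printf("bob:   %d\n", reconnect(0x1001, 1001, 1001, "bob"));
    printf("alice: %d\n", reconnect(0x1001, 1000, 1000, "alice"));
    return 0;
}
```

A mismatch leaves the orphaned handle in place, so the original opener can still reclaim it afterwards.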
Related Identifiers
Affected Products
Ksmbd