CVE-2026-31409Detection of Error Condition Without Action in Linux

CWE-390Detection of Error Condition Without Action29 documents7 sources
Severity
7.8HIGH
No vector
EPSS
0.0%
top 97.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedApr 6

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset conn->binding on failed binding request When a multichannel SMB2_SESSION_SETUP request with SMB2_SESSION_REQ_FLAG_BINDING fails ksmbd sets conn->binding = true but never clears it on the error path. This leaves the connection in a binding state where all subsequent ksmbd_session_lookup_all() calls fall back to the global sessions table. This fix it by clearing conn->binding = false in the error path.

Affected Packages3 packages

Debianlinux/linux_kernel< 6.19.10-1
CVEListV5linux/linuxf5a544e3bab78142207e0242d22442db85ba1effd073870dab8f6dadced81d13d273ff0b21cb7f4e+6
debiandebian/linux< linux 6.19.10-1 (forky)

🔴Vulnerability Details

2
GHSA
GHSA-5qj3-gjq7-62fm: In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset conn->binding on failed binding request When a multichannel SMB2_SE2026-04-06
OSV
CVE-2026-31409: In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset conn->binding on failed binding request When a multichannel SMB2_SESS2026-04-06

📋Vendor Advisories

2
Red Hat
kernel: ksmbd: unset conn->binding on failed binding request2026-04-06
Debian
CVE-2026-31409: linux - In the Linux kernel, the following vulnerability has been resolved: ksmbd: unse...2026

🕵️Threat Intelligence

23
Wiz
CVE-2025-33220 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2023-54203 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2017-20229 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-3856 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2025-68350 Impact, Exploitability, and Mitigation Steps | Wiz

💬Community

1
Bugzilla
CVE-2026-31409 kernel: ksmbd: unset conn->binding on failed binding request2026-04-06