SMB2_SESSION_SETUP Vulnerability in Linux Kernel Affects Multiple Distributions
CVE-2026-31409

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 April 2026

What is CVE-2026-31409?

This vulnerability in the Linux kernel’s ksmbd component impacts the handling of multichannel SMB2_SESSION_SETUP requests. When a binding request fails, the connection erroneously retains a binding state, which can lead to improper fallbacks to the global session table during subsequent lookups. This behavior could potentially disrupt the stability and reliability of SMB connections. The fix involves correctly resetting the conn->binding state upon a binding request failure, ensuring that subsequent session operations function as intended.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6ebef4a220a1ebe345de899ebb9ae394206fe921

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 89afe5e2dbea6e9d8e5f11324149d06fa3a4efca

References

https://git.kernel.org/stable/c/d073870dab8f6dadced81d13d...

https://git.kernel.org/stable/c/6ebef4a220a1ebe345de899eb...

https://git.kernel.org/stable/c/89afe5e2dbea6e9d8e5f11324...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 6, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31409 Data

JSON