Improper Authentication in Linux Kernel ksmbd for Durable Handle Reconnection
CVE-2026-31717
What is CVE-2026-31717?
A significant vulnerability exists in the Linux kernel's ksmbd: it fails to validate the user attempting to reconnect to a durable handle. This oversight permits any authenticated user to potentially hijack an orphaned durable handle simply by predicting or brute-forcing the persistent ID. The SMB2 protocol mandates that the server verify the SecurityContext of the reconnect request against the original user's SecurityContext. Without this validation, the security integrity of file handling is compromised. The fix requires a durable_owner structure within ksmbd_file that stores the original owner's UID, GID, and account name. The patch addresses this requirement for accurate user identity verification during the SMB2_CREATE operation.
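The ownership check described above, as an added user-space model in C. It is not the kernel patch or ksmbd's own code. Only durable_owner and its three fields come from the advisory; session_user, durable_file and both function names are hypothetical.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* User-space model only; every name except durable_owner is hypothetical. */
struct durable_owner {
    unsigned int uid, gid;
    char *name;                 /* account name; NULL = no owner recorded */
};
struct session_user {           /* identity of the authenticated session */
    unsigned int uid, gid;
    const char *name;
};
struct durable_file {           /* stand-in for ksmbd_file */
    unsigned long long persistent_id;
    struct durable_owner owner;
};

/* Record the owner before the handle is orphaned. Returns 0 on success. */
int durable_save_owner(struct durable_file *fp, const struct session_user *u)
{
    size_t len;
    char *copy;

    if (!fp || !u || !u->name)
        return -1;
    len = strlen(u->name) + 1;
    copy = malloc(len);
    if (!copy)
        return -1;
    memcpy(copy, u->name, len);
    free(fp->owner.name);       /* drop any previously recorded name */
    fp->owner.uid = u->uid;
    fp->owner.gid = u->gid;
    fp->owner.name = copy;
    return 0;
}

/* Reconnect check: a matching persistent ID alone is not enough.
 * Fails closed when no owner was recorded or the session has no name. */
bool durable_reconnect_allowed(const struct durable_file *fp,
                               unsigned long long persistent_id,
                               const struct session_user *u)
{
    if (!fp || !u || !u->name || !fp->owner.name)
        return false;
    if (fp->persistent_id != persistent_id)
        return false;
    return fp->owner.uid == u->uid && fp->owner.gid == u->gid &&
           strcmp(fp->owner.name, u->name) == 0;
}
```

In this model a handle with no recorded owner is never reconnectable, so a missing durable_owner cannot be treated as "any user matches".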
Affected Version(s)
Linux c8efcc786146a951091588e5fa7e3c754850cb3c < 00ce8d6789dae72d042a4522264964c72891ca37
Linux c8efcc786146a951091588e5fa7e3c754850cb3c
Linux c8efcc786146a951091588e5fa7e3c754850cb3c < 49110a8ce654bbe56bef7c5e44cce31f4b102b8a