CVE-2026-31476

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ksmbd: do not expire session on binding failure<br /> <br /> When a multichannel session binding request fails (e.g. wrong password),<br /> the error path unconditionally sets sess-&gt;state = SMB2_SESSION_EXPIRED.<br /> However, during binding, sess points to the target session looked up via<br /> ksmbd_session_lookup_slowpath() -- which belongs to another connection&amp;#39;s<br /> user. This allows a remote attacker to invalidate any active session by<br /> simply sending a binding request with a wrong password (DoS).<br /> <br /> Fix this by skipping session expiration when the failed request was<br /> a binding attempt, since the session does not belong to the current<br /> connection. The reference taken by ksmbd_session_lookup_slowpath() is<br /> still correctly released via ksmbd_user_session_put().