CVE-2026-52911

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/06/2026
Last modified:
08/07/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ksmbd: scope conn-&gt;binding slowpath to bound sessions only<br /> <br /> When the binding SESSION_SETUP sets conn-&gt;binding = true, the flag stays<br /> set after the call so that the global session lookup in<br /> ksmbd_session_lookup_all() can find the session, which was not added to<br /> conn-&gt;sessions. Because the flag is connection-wide, the global lookup<br /> path will also resolve any other session by id if asked.<br /> <br /> Tighten the global lookup so that the returned session must have this<br /> connection registered in its channel xarray (sess-&gt;ksmbd_chann_list).<br /> The channel entry is installed by the existing binding_session path in<br /> ntlm_authenticate()/krb5_authenticate() when a SESSION_SETUP completes<br /> successfully, so this condition is a strict equivalent of "this<br /> connection has been accepted as a channel of this session". Connections<br /> that have not bound to a given session cannot reach it via the global<br /> table.<br /> <br /> The existing conn-&gt;binding gate for entering the slowpath is preserved<br /> so that non-binding connections keep the fast-path-only behavior, and<br /> the session-&gt;state check is unchanged.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.15 (including) 5.15.209 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.175 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.141 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.12.91 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.13 (including) 6.18.33 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.19 (including) 7.0.10 (excluding)