47 matches found
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fixed a reference count leak when an invalid session is found during session lookup. When a session is found, but its state is not SMB2SESSIONVALID, it indicates that no valid session was found. However, the reference coun...
SUSE CVE-2026-52911
In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the global session lookup in ksmbdsessionlookupall can find the session,...
CVE-2026-52911
In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the global session lookup in ksmbdsessionlookupall can find the session,...
CVE-2026-52911
The CVE-2026-52911 vulnerability affects the Linux kernel ksmbd code path. When a SESSION_SETUP binds a connection (conn->binding = true), a global session lookup could incorrectly resolve sessions not actually added to the connection’s session list. The fix tightens the global lookup so that ...
CVE-2026-52911
In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the global session lookup in ksmbdsessionlookupall can find the session,...
PT-2026-51201
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the ksmbd module, a flaw exists where the conn-binding flag remains set after a SESSION SETUP call. Because this flag is connection-wide, the global session lookup function ksmbd...
Linux Distros Unpatched Vulnerability : CVE-2026-52911
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fixed a race condition between session lookup and expire operations. Thread A + Thread B ksmbdsessionlookup | smb2sesssetup sess = xaload | | | xaerase&conn-sessions, sess-id; | | ksmbdsessiondestroysess -- kfreesess | //...
CVE-2026-31476
In the Linux kernel, the following vulnerability has been resolved: ksmbd: do not expire session on binding failure When a multichannel session binding request fails e.g. wrong password, the error path unconditionally sets sess-state = SMB2SESSIONEXPIRED. However, during binding, sess points to t...
CVE-2026-31409
In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset conn-binding on failed binding request When a multichannel SMB2SESSIONSETUP request with SMB2SESSIONREQFLAGBINDING fails ksmbd sets conn-binding = true but never clears it on the error path. This leaves the connectio...
PT-2026-30577
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the ksmbd module. Specifically, when a multichannel SMB2 SESSION SETUP request with SMB2 SESSION REQ FLAG BINDING fails, the conn-binding flag is...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to clear the binding state after a binding request fails, potentially leading to session...
SUSE CVE-2025-71150
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup When a session is found but its state is not SMB2SESSIONVALID, It indicates that no valid session was found, but it is missing to decrement the reference...
AZL-78425 CVE-2025-71150 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup When a session is found but its state is not SMB2SESSIONVALID, It indicates that no valid session was found, but it is missing to decrement the reference...
CVE-2025-71150
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup When a session is found but its state is not SMB2SESSIONVALID, It indicates that no valid session was found, but it is missing to decrement the reference...
CVE-2025-71150
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup When a session is found but its state is not SMB2SESSIONVALID, It indicates that no valid session was found, but it is missing to decrement the reference...
UBUNTU-CVE-2025-71150
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup When a session is found but its state is not SMB2SESSIONVALID, It indicates that no valid session was found, but it is missing to decrement the reference...
CVE-2025-71150
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup When a session is found but its state is not SMB2SESSIONVALID, It indicates that no valid session was found, but it is missing to decrement the reference...
CVE-2025-71150
CVE-2025-71150 relates to a Linux kernel KSMD (ksmbd) refcount leak: when a session is found during session lookup but SMB2_SESSION_VALID is not set, the reference count for that session is not decremented. The patch fixes this by explicitly calling ksmbd_user_session_put to release the reference...
CVE-2025-71150
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup When a session is found but its state is not SMB2SESSIONVALID, It indicates that no valid session was found, but it is missing to decrement the reference...