{"id":"CVE-2026-52911","summary":"ksmbd: scope conn-\u003ebinding slowpath to bound sessions only","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: scope conn-\u003ebinding slowpath to bound sessions only\n\nWhen the binding SESSION_SETUP sets conn-\u003ebinding = true, the flag stays\nset after the call so that the global session lookup in\nksmbd_session_lookup_all() can find the session, which was not added to\nconn-\u003esessions. Because the flag is connection-wide, the global lookup\npath will also resolve any other session by id if asked.\n\nTighten the global lookup so that the returned session must have this\nconnection registered in its channel xarray (sess-\u003eksmbd_chann_list).\nThe channel entry is installed by the existing binding_session path in\nntlm_authenticate()/krb5_authenticate() when a SESSION_SETUP completes\nsuccessfully, so this condition is a strict equivalent of \"this\nconnection has been accepted as a channel of this session\". Connections\nthat have not bound to a given session cannot reach it via the global\ntable.\n\nThe existing conn-\u003ebinding gate for entering the slowpath is preserved\nso that non-binding connections keep the fast-path-only behavior, and\nthe session-\u003estate check is unchanged.","modified":"2026-06-23T04:02:17.659546157Z","published":"2026-06-21T06:18:49.342Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/52xxx/CVE-2026-52911.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1e2bec062c5c9ec282636715166056d0998d746d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1ff46c9915c1cbf454db58a8cb87f7cac818e6a6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2cc8a4db633b10715450b291c1343859a4b2c509"},{"type":"WEB","url":"https://git.kernel.org/stable/c/974c1c224e85549dc3459f3bb2255bbbdd2b9372"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b0da97c034b6107d14e537e212d4ce8b22109a58"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e3a93ce6e25757b8f375e38b8f91e1d9da4edc1a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e74c00c6af428a39e564cdc5bd3a3648c6d8de87"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/52xxx/CVE-2026-52911.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-52911"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"f5a544e3bab78142207e0242d22442db85ba1eff"},{"fixed":"e74c00c6af428a39e564cdc5bd3a3648c6d8de87"},{"fixed":"e3a93ce6e25757b8f375e38b8f91e1d9da4edc1a"},{"fixed":"1ff46c9915c1cbf454db58a8cb87f7cac818e6a6"},{"fixed":"974c1c224e85549dc3459f3bb2255bbbdd2b9372"},{"fixed":"2cc8a4db633b10715450b291c1343859a4b2c509"},{"fixed":"1e2bec062c5c9ec282636715166056d0998d746d"},{"fixed":"b0da97c034b6107d14e537e212d4ce8b22109a58"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-52911.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.15.0"},{"fixed":"5.15.209"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.175"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.141"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.91"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.33"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"7.0.10"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-52911.json"}}],"schema_version":"1.7.5"}