CVE-2026-31409

A flaw was found in ksmbd, a component of the Linux kernel. This vulnerability occurs when a multichannel Server Message Block (SMB2) session setup request, specifically one with a binding flag, fails. Due to an error in handling this failure, ksmbd incorrectly retains a binding state for the connection. This can lead to all subsequent session lookups falling back to a global sessions table, potentially causing unexpected session management and service disruption.