CVE-2026-31717
ksmbd Durable Handle Owner Validation Flaw
Publication date: 2026-05-01
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.6.32 (inc) to 6.7 (exc) |
| linux | linux_kernel | 7.1 |
| linux | linux_kernel | From 6.19 (inc) to 7.0.2 (exc) |
| linux | linux_kernel | From 6.9 (inc) to 6.18.25 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's ksmbd component, where it fails to verify that the user attempting to reconnect to a durable handle is the same user who originally opened the file.
Because ksmbd does not check the owner of the durable handle on reconnect, any authenticated user can hijack an orphaned durable handle by predicting or brute-forcing its persistent ID.
The fix involves adding a durable_owner structure to store the original opener's user ID, group ID, and account name, and validating the identity of the requester during the reconnect process to ensure it matches the original owner.
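The owner check described above, sketched as an added example that is not the kernel's code or part of the original page. It is a simplified userspace model: the struct layouts, the `record_owner` and `reconnect_allowed` helpers, and the sample identities are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Userspace model only; names and layout are assumptions, not kernel code. */
struct durable_owner { unsigned int uid, gid; char name[64]; };
struct session_user  { unsigned int uid, gid; const char *name; };
struct durable_handle {
    unsigned long long persistent_id;
    bool has_owner;            /* false until an opener is recorded */
    struct durable_owner owner;
};

/* At open time: remember who created the durable handle. */
int record_owner(struct durable_handle *h, const struct session_user *u)
{
    if (!u->name || strlen(u->name) >= sizeof(h->owner.name))
        return -1;             /* refuse rather than truncate the name */
    h->owner.uid = u->uid;
    h->owner.gid = u->gid;
    strcpy(h->owner.name, u->name);
    h->has_owner = true;
    return 0;
}

/* At reconnect: the persistent ID alone must not be sufficient. */
bool reconnect_allowed(const struct durable_handle *h,
                       unsigned long long persistent_id,
                       const struct session_user *u)
{
    if (!h || !u || !u->name || h->persistent_id != persistent_id)
        return false;
    if (!h->has_owner)
        return false;          /* fail closed: no recorded owner */
    return h->owner.uid == u->uid && h->owner.gid == u->gid &&
           strcmp(h->owner.name, u->name) == 0;
}

int main(void)
{
    /* Constructed sample identities and persistent ID. */
    struct durable_handle h = { .persistent_id = 0x1001ULL };
    struct session_user owner = { 1000, 1000, "alice" };
    struct session_user other = { 1001, 1001, "bob" };
    record_owner(&h, &owner);
    printf("owner: %d, other user: %d\n",
           reconnect_allowed(&h, 0x1001ULL, &owner),
           reconnect_allowed(&h, 0x1001ULL, &other));
    return 0;
}
```

A handle with no recorded owner is rejected rather than treated as open to anyone, so a record that predates the check cannot be reclaimed by ID alone.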
How can this vulnerability impact me?
This vulnerability can allow an authenticated user to hijack file handles that they do not own by reconnecting to orphaned durable handles.
Such unauthorized access could lead to data exposure, unauthorized file operations, or potential privilege escalation depending on the permissions associated with the hijacked handle.