{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31717", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.134Z", "datePublished": "2026-05-01T13:56:12.012Z", "dateUpdated": "2026-05-01T13:56:12.012Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-01T13:56:12.012Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate owner of durable handle on reconnect\n\nCurrently, ksmbd does not verify if the user attempting to reconnect\nto a durable handle is the same user who originally opened the file.\nThis allows any authenticated user to hijack an orphaned durable handle\nby predicting or brute-forcing the persistent ID.\n\nAccording to MS-SMB2, the server MUST verify that the SecurityContext\nof the reconnect request matches the SecurityContext associated with\nthe existing open.\nAdd a durable_owner structure to ksmbd_file to store the original opener's\nUID, GID, and account name. and catpure the owner information when a file\nhandle becomes orphaned. and implementing ksmbd_vfs_compare_durable_owner()\nto validate the identity of the requester during SMB2_CREATE (DHnC)."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/server/mgmt/user_session.c", "fs/smb/server/oplock.c", "fs/smb/server/oplock.h", "fs/smb/server/smb2pdu.c", "fs/smb/server/vfs_cache.c", "fs/smb/server/vfs_cache.h"], "versions": [{"version": "c8efcc786146a951091588e5fa7e3c754850cb3c", "lessThan": "00ce8d6789dae72d042a4522264964c72891ca37", "status": "affected", "versionType": "git"}, {"version": "c8efcc786146a951091588e5fa7e3c754850cb3c", "lessThan": "c908c853f304a4969b5aa10eba0b50350cc65b80", "status": "affected", "versionType": "git"}, {"version": "c8efcc786146a951091588e5fa7e3c754850cb3c", "lessThan": "49110a8ce654bbe56bef7c5e44cce31f4b102b8a", "status": "affected", "versionType": "git"}, {"version": "8df4bcdb0a4232192b2445256c39b787d58ef14d", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/server/mgmt/user_session.c", "fs/smb/server/oplock.c", "fs/smb/server/oplock.h", "fs/smb/server/smb2pdu.c", "fs/smb/server/vfs_cache.c", "fs/smb/server/vfs_cache.h"], "versions": [{"version": "6.9", "status": "affected"}, {"version": "0", "lessThan": "6.9", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.25", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.2", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.18.25"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "7.0.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "7.1-rc1"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.32"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/00ce8d6789dae72d042a4522264964c72891ca37"}, {"url": "https://git.kernel.org/stable/c/c908c853f304a4969b5aa10eba0b50350cc65b80"}, {"url": "https://git.kernel.org/stable/c/49110a8ce654bbe56bef7c5e44cce31f4b102b8a"}], "title": "ksmbd: validate owner of durable handle on reconnect", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate owner of durable handle on reconnect\n\nCurrently, ksmbd does not verify if the user attempting to reconnect\nto a durable handle is the same user who originally opened the file.\nThis allows any authenticated user to hijack an orphaned durable handle\nby predicting or brute-forcing the persistent ID.\n\nAccording to MS-SMB2, the server MUST verify that the SecurityContext\nof the reconnect request matches the SecurityContext associated with\nthe existing open.\nAdd a durable_owner structure to ksmbd_file to store the original opener's\nUID, GID, and account name. and catpure the owner information when a file\nhandle becomes orphaned. and implementing ksmbd_vfs_compare_durable_owner()\nto validate the identity of the requester during SMB2_CREATE (DHnC)."}], "id": "CVE-2026-31717", "lastModified": "2026-05-01T15:24:14.893", "metrics": {}, "published": "2026-05-01T14:16:21.860", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/00ce8d6789dae72d042a4522264964c72891ca37"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/49110a8ce654bbe56bef7c5e44cce31f4b102b8a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c908c853f304a4969b5aa10eba0b50350cc65b80"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{}

{}