SB2026062305 - Improper access control in Linux kernel ksmbd mgmt
Published: June 23, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Improper access control (CVE-ID: CVE-2026-52911)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to access another user's session.
The vulnerability exists due to improper access control in ksmbd_session_lookup_all() when processing a binding SESSION_SETUP request. A remote user can send a crafted session lookup request to access another user's session.
The issue occurs because a connection-wide binding flag can remain set after a binding SESSION_SETUP, allowing the global session lookup path to resolve sessions not bound to that connection.
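To make the access-control point concrete, the following is a constructed C model of the lookup shape described above; it is an added example, not the kernel's ksmbd code or the upstream fix, and the struct and function names in it are assumptions. The weak variant trusts the connection-wide binding flag alone, while the strict variant also requires the session to list the connection as a bound channel before a global hit is returned.

```c
#include <stdbool.h>
#include <stddef.h>
/* Constructed model of the lookup shape the bulletin describes, not the kernel's
 * ksmbd code; the struct and function names used here are assumptions. */
struct conn;
struct session {
    unsigned long long id;
    struct conn *channels[2];  /* connections actually bound to this session */
};
struct conn {
    bool binding;              /* connection-wide "binding SESSION_SETUP" flag */
    struct session *sess;      /* session set up on this connection itself */
};
/* Global session table shared by every connection (the wide lookup path). */
static struct session g_sess[2] = { { 100, { NULL, NULL } }, { 200, { NULL, NULL } } };
static struct conn g_a, g_b;
static struct session *lookup_global(unsigned long long id)
{
    for (size_t i = 0; i < 2; i++)
        if (g_sess[i].id == id) return &g_sess[i];
    return NULL;
}
static bool session_has_channel(const struct session *s, const struct conn *c)
{
    return s->channels[0] == c || s->channels[1] == c;
}
/* Weak: a flag left set on the connection is enough to reach any session id. */
struct session *lookup_all_weak(struct conn *c, unsigned long long id)
{
    if (c->sess && c->sess->id == id) return c->sess;
    return c->binding ? lookup_global(id) : NULL;
}
/* Strict: a global hit counts only if that session lists this connection as a bound channel. */
struct session *lookup_all_strict(struct conn *c, unsigned long long id)
{
    struct session *s = (c->sess && c->sess->id == id) ? c->sess : NULL;
    if (!s && c->binding && (s = lookup_global(id)) && !session_has_channel(s, c))
        s = NULL;
    return s;
}
/* Scenario: A owns session 100 with its binding flag left set; 200 is B's and has bound A only when a_bound. */
static void setup(bool a_bound)
{
    g_a.binding = true;  g_a.sess = &g_sess[0]; g_sess[0].channels[0] = &g_a;
    g_b.binding = false; g_b.sess = &g_sess[1]; g_sess[1].channels[0] = &g_b;
    g_sess[1].channels[1] = a_bound ? &g_a : NULL;
}
int weak_hits_200(bool a_bound)   { setup(a_bound); return lookup_all_weak(&g_a, 200) != NULL; }
int strict_hits_200(bool a_bound) { setup(a_bound); return lookup_all_strict(&g_a, 200) != NULL; }
```

With the stale flag set, the weak lookup resolves session 200 from connection A even though A was never bound to it, whereas the strict lookup only does so once session 200 actually lists A as a channel.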
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/1e2bec062c5c9ec282636715166056d0998d746d
- https://git.kernel.org/stable/c/1ff46c9915c1cbf454db58a8cb87f7cac818e6a6
- https://git.kernel.org/stable/c/2cc8a4db633b10715450b291c1343859a4b2c509
- https://git.kernel.org/stable/c/974c1c224e85549dc3459f3bb2255bbbdd2b9372
- https://git.kernel.org/stable/c/b0da97c034b6107d14e537e212d4ce8b22109a58
- https://git.kernel.org/stable/c/e3a93ce6e25757b8f375e38b8f91e1d9da4edc1a
- https://git.kernel.org/stable/c/e74c00c6af428a39e564cdc5bd3a3648c6d8de87