Improper access control in Linux kernel - CVE-2026-52911
Published: June 23, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote user to access another user's session.
The vulnerability exists due to improper access control in ksmbd_session_lookup_all() when processing a binding SESSION_SETUP request. A remote user can send a crafted session lookup request to access another user's session.
The issue occurs because a connection-wide binding flag can remain set after a binding SESSION_SETUP, allowing the global session lookup path to resolve sessions not bound to that connection.
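The flaw described above, as a simplified user-space model added here for illustration; it is not ksmbd source and not the upstream patch. The structs, the helper names and the `is_binding_setup` parameter are assumptions, and the session table is constructed.

```c
/* Simplified model of the lookup logic, NOT kernel code. All names here
 * are hypothetical; only the connection-wide "binding" flag and the
 * global-lookup fallback come from the advisory text. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct session { uint64_t id; int owner_conn; };
struct conn    { int id; bool binding; };  /* binding: connection-wide flag */

/* Constructed table: 0xA1 is bound to connection 1, 0xB2 to connection 2. */
static struct session g_sessions[] = { { 0xA1, 1 }, { 0xB2, 2 } };

static struct session *lookup_global(uint64_t id)
{
    for (size_t i = 0; i < sizeof(g_sessions) / sizeof(g_sessions[0]); i++)
        if (g_sessions[i].id == id)
            return &g_sessions[i];
    return NULL;
}

/* Only sessions already bound to this connection. */
static struct session *lookup_conn(const struct conn *c, uint64_t id)
{
    struct session *s = lookup_global(id);
    return (s && s->owner_conn == c->id) ? s : NULL;
}

/* Flawed pattern: while the connection-wide flag is still set, ANY request
 * on the connection falls back to the global table. */
struct session *lookup_all_flawed(const struct conn *c, uint64_t id)
{
    struct session *s = lookup_conn(c, id);
    return (s || !c->binding) ? s : lookup_global(id);
}

/* Scoped variant (one possible shape, assumed): the fallback is tied to the
 * request being a binding SESSION_SETUP, not to leftover connection state. */
struct session *lookup_all_scoped(const struct conn *c, uint64_t id,
                                  bool is_binding_setup)
{
    struct session *s = lookup_conn(c, id);
    return (s || !is_binding_setup) ? s : lookup_global(id);
}

int main(void)
{
    struct conn c2 = { 2, true };  /* flag left set by an earlier binding */
    printf("flawed: %s\n", lookup_all_flawed(&c2, 0xA1) ? "resolved" : "rejected");
    printf("scoped: %s\n", lookup_all_scoped(&c2, 0xA1, false) ? "resolved" : "rejected");
    return 0;
}
```

In the model, a later non-binding request on connection 2 resolves connection 1's session through the flawed path and is rejected by the scoped one.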
How to mitigate CVE-2026-52911
Sources
- https://git.kernel.org/stable/c/1e2bec062c5c9ec282636715166056d0998d746d
- https://git.kernel.org/stable/c/1ff46c9915c1cbf454db58a8cb87f7cac818e6a6
- https://git.kernel.org/stable/c/2cc8a4db633b10715450b291c1343859a4b2c509
- https://git.kernel.org/stable/c/974c1c224e85549dc3459f3bb2255bbbdd2b9372
- https://git.kernel.org/stable/c/b0da97c034b6107d14e537e212d4ce8b22109a58
- https://git.kernel.org/stable/c/e3a93ce6e25757b8f375e38b8f91e1d9da4edc1a
- https://git.kernel.org/stable/c/e74c00c6af428a39e564cdc5bd3a3648c6d8de87