CVE-2026-31717

Published: Mag 01, 2026 Last Modified: Mag 03, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 8,8
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high

Description

AI Translation Available

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: validate owner of durable handle on reconnect

Currently, ksmbd does not verify if the user attempting to reconnect
to a durable handle is the same user who originally opened the file.
This allows any authenticated user to hijack an orphaned durable handle
by predicting or brute-forcing the persistent ID.

According to MS-SMB2, the server MUST verify that the SecurityContext
of the reconnect request matches the SecurityContext associated with
the existing open.
Add a durable_owner structure to ksmbd_file to store the original opener's
UID, GID, and account name. and catpure the owner information when a file
handle becomes orphaned. and implementing ksmbd_vfs_compare_durable_owner()
to validate the identity of the requester during SMB2_CREATE (DHnC).

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0004
Percentile
0,1th
Updated

Single Data Point

Only one EPSS measurement is available for this CVE. Trend analysis requires multiple data points over time.

https://git.kernel.org/stable/c/00ce8d6789dae72d042a4522264…
https://git.kernel.org/stable/c/00ce8d6789dae72d042a4522264964c72891ca37
https://git.kernel.org/stable/c/49110a8ce654bbe56bef7c5e44c…
https://git.kernel.org/stable/c/49110a8ce654bbe56bef7c5e44cce31f4b102b8a
https://git.kernel.org/stable/c/c908c853f304a4969b5aa10eba0…
https://git.kernel.org/stable/c/c908c853f304a4969b5aa10eba0b50350cc65b80