Description
In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset conn->binding on failed binding request When a multichannel SMB2_SESSION_SETUP request with SMB2_SESSION_REQ_FLAG_BINDING fails ksmbd sets conn->binding = true but never clears it on the error path. This leaves the connection in a binding state where all subsequent ksmbd_session_lookup_all() calls fall back to the global sessions table. This fix it by clearing conn->binding = false in the error path.
Product status
f5a544e3bab78142207e0242d22442db85ba1eff (git) before d073870dab8f6dadced81d13d273ff0b21cb7f4e
f5a544e3bab78142207e0242d22442db85ba1eff (git) before 6ebef4a220a1ebe345de899ebb9ae394206fe921
f5a544e3bab78142207e0242d22442db85ba1eff (git) before 89afe5e2dbea6e9d8e5f11324149d06fa3a4efca
f5a544e3bab78142207e0242d22442db85ba1eff (git) before 9feb2d1bf86d9e5e66b8565f37f8d3a7d281a772
f5a544e3bab78142207e0242d22442db85ba1eff (git) before 6260fc85ed1298a71d24a75d01f8b2e56d489a60
f5a544e3bab78142207e0242d22442db85ba1eff (git) before 282343cf8a4a5a3603b1cb0e17a7083e4a593b03
5.15
Any version before 5.15
6.1.167 (semver)
6.6.130 (semver)
6.12.78 (semver)
6.18.20 (semver)
6.19.10 (semver)
7.0 (original_commit_for_fix)
References
git.kernel.org/...c/d073870dab8f6dadced81d13d273ff0b21cb7f4e
git.kernel.org/...c/6ebef4a220a1ebe345de899ebb9ae394206fe921
git.kernel.org/...c/89afe5e2dbea6e9d8e5f11324149d06fa3a4efca
git.kernel.org/...c/9feb2d1bf86d9e5e66b8565f37f8d3a7d281a772
git.kernel.org/...c/6260fc85ed1298a71d24a75d01f8b2e56d489a60
git.kernel.org/...c/282343cf8a4a5a3603b1cb0e17a7083e4a593b03