CVE-2026-31717— ksmbd 持久句柄重连所有者验证漏洞
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2026-31717 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
ksmbd: validate owner of durable handle on reconnect
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any authenticated user to hijack an orphaned durable handle by predicting or brute-forcing the persistent ID. According to MS-SMB2, the server MUST verify that the SecurityContext of the reconnect request matches the SecurityContext associated with the existing open. Add a durable_owner structure to ksmbd_file to store the original opener's UID, GID, and account name. and catpure the owner information when a file handle becomes orphaned. and implementing ksmbd_vfs_compare_durable_owner() to validate the identity of the requester during SMB2_CREATE (DHnC).
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
受影响产品
二、漏洞 CVE-2026-31717 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2026-31717 的情报信息
Please 登录 to view more intelligence information
同批安全公告 · Linux · 2026-05-01 · 共 146 条
| CVE-2026-43037 | 9.8 CRITICAL | ip6_tunnel 远程代码执行漏洞 |
| CVE-2026-43038 | 9.8 CRITICAL | IPv6 ICMP ip6_err_gen_icmpv6_unreach() 内存越界漏洞 |
| CVE-2026-43039 | 9.8 CRITICAL | TI ICSSG PRUSS 以太网驱动 ZC RX 调度数据拷贝缺失及回收错误漏洞 |
| CVE-2026-43011 | 9.8 CRITICAL | Linux X.25模块 潜在双重释放漏洞 |
| CVE-2026-31705 | 9.8 CRITICAL | ksmbd smb2_get_ea() EA对齐越界写入漏洞 |
| CVE-2026-31718 | 9.8 CRITICAL | Linux ksmbd 远程代码执行漏洞 |
| CVE-2026-43048 | 8.8 HIGH | HID核心模块移除虚假memset导致越界访问漏洞 |
| CVE-2026-31739 | 8.8 HIGH | Tegra 驱动缺少 CRYPTO_ALG_ASYNC 标志漏洞 |
| CVE-2026-31735 | 8.8 HIGH | iommupt: 修复映射中短收集漏洞 |
| CVE-2026-31773 | 8.8 HIGH | 蓝牙 SMP 遗留响应者 STK 认证漏洞 |
| CVE-2026-43018 | 8.8 HIGH | 蓝牙hci_event:修复hci_le_remote_conn_param_req_evt中的UAF漏洞 |
| CVE-2026-31709 | 8.8 HIGH | SMB客户端cifsacl DACL重写前验证漏洞 |
| CVE-2026-31706 | 8.8 HIGH | ksmbd: smb_inherit_dacl() 访问控制验证与强化漏洞 |
| CVE-2026-31712 | 8.3 HIGH | ksmbd smb_check_perm_dacl权限检查漏洞 |
| CVE-2026-31779 | 8.1 HIGH | iwlwifi iwl_mvm_nd_match_info_handler 越界读取漏洞 |
| CVE-2026-31771 | 8.1 HIGH | 蓝牙 hci_event 唤醒原因存储漏洞 |
| CVE-2026-43051 | 8.1 HIGH | Wacom HID驱动程序越界读取漏洞 |
| CVE-2026-31708 | 8.1 HIGH | smb2_ioctl_query_info 越界读取漏洞 |
| CVE-2026-43019 | 7.8 HIGH | 蓝牙协议栈HCI连接参数同步UAF漏洞 |
| CVE-2026-31772 | 7.8 HIGH | Bluetooth: hci_sync 栈缓冲区溢出漏洞 |
显示前 20 条,共 146 条。 查看全部 → →
IV. Related Vulnerabilities
V. Comments for CVE-2026-31717
暂无评论