Linux Kernel ksmbd Session Expiration Vulnerability Allows Denial-of-Service

A denial-of-service vulnerability has been identified in the Linux kernel's ksmbd component. When a multichannel session binding request fails, the session state is incorrectly set to expired. This issue arises because the session referenced during the binding process belongs to a different user's connection. As a result, a remote attacker can invalidate active sessions by sending binding requests with incorrect passwords. The vulnerability is present in the Linux kernel stable tree.

Impact

Exploitation of this vulnerability allows remote attackers to disrupt active sessions, causing a denial-of-service condition on the affected system.

Reproduction

To reproduce this vulnerability, initiate a multichannel session binding request in ksmbd with an incorrect password. The server will mistakenly expire the session, even though it belongs to a different connection's user. This can be done repeatedly to invalidate active sessions.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version that includes the fix.