What is CVE-2026-52911?

CVE-2026-52911 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.15 onward and patched in 5.15.209, 6.1.175, 6.6.141 and others. CVE-2026-52911 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2026-52911?

CVE-2026-52911 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2026-52911?

Yes, CVE-2026-52911 has been patched. Fixed versions include 5.15.209, 6.1.175, 6.6.141 and others. If you are running Linux kernel 5.15 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2026-52911 actively exploited?

CVE-2026-52911 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2026-52911

In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn->binding slowpath to bound sessions only When the binding SESSION_SETUP sets conn->binding = true, the flag stays set after the call so that the global session lookup in ksmbd_session_lookup_all() can find the session, which was not added to conn->sessions. Because the flag is connection-wide, the global lookup path will also resolve any other session by id if asked. Tighten the global lookup so that the returned session must have this connection registered in its channel xarray (sess->ksmbd_chann_list). The channel entry is installed by the existing binding_session path in ntlm_authenticate()/krb5_authenticate() when a SESSION_SETUP completes successfully, so this condition is a strict equivalent of "this connection has been accepted as a channel of this session". Connections that have not bound to a given session cannot reach it via the global table. The existing conn->binding gate for entering the slowpath is preserved so that non-binding connections keep the fast-path-only behavior, and the session->state check is unchanged.

Package Linux Kernel

Published 2026-06-21

Last modified 2026-06-21

Patch available

Yes

Affected versions

Linux kernel versions 5.15 and later are affected. Fixed in 5.15.209, 6.1.175, 6.6.141, 6.12.91, 6.18.33, 7.0.10, 7.1 and their respective stable series.

Affected from

≥ 5.15

Fixed in

✓ 5.15.209 5.15.x ✓ 6.1.175 6.1.x ✓ 6.6.141 6.6.x ✓ 6.12.91 6.12.x ✓ 6.18.33 6.18.x ✓ 7.0.10 7.0.x ✓ 7.1

References

7 total

Showing 5 of 7 references View all on NVD

Frequently asked questions

What is CVE-2026-52911?

CVE-2026-52911 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.15 onward and has been patched in 5.15.209, 6.1.175, 6.6.141 and others. CVE-2026-52911 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2026-52911?

Yes — CVE-2026-52911 has been patched. Fixed versions include 5.15.209, 6.1.175, 6.6.141 and others. If you are running Linux kernel 5.15 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2026-52911 actively exploited?

No — CVE-2026-52911 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.