SB2026040647 - Improper access control in Linux kernel smb client
Published: April 6, 2026
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper access control (CVE-ID: CVE-2026-31392)
The vulnerability allows a local user to gain access to a share using incorrect credentials.
The vulnerability exists due to improper access control in the smb client session matching logic when processing cifs mounts that use sec=krb5 together with a username mount option. A local user can mount another share of the same server with a different username option and thereby gain access to that share with credentials that should not have been accepted.
The issue occurs when Kerberos mounts reuse an SMB session from a previous mount even though a different username was specified, which can cause a mount that should fail with -ENOKEY to proceed with the first user's session.
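The mount pattern the bulletin describes, several sec=krb5 cifs mounts of the same server under different username= options, can be audited from /proc/mounts. The following is an added example, not code from the bulletin or from the kernel: it parses mount-table lines in /proc/mounts format and reports servers that are mounted over Kerberos under more than one username, which on an unpatched kernel are the mounts whose sessions could be conflated (the sample mount table and host names are constructed).

```python
import re
from collections import defaultdict

# Constructed sample in /proc/mounts format (not real data): two krb5 cifs
# mounts of the same server under different usernames, plus benign mounts.
SAMPLE_PROC_MOUNTS = """\
//fileserver.example.test/finance /mnt/finance cifs rw,relatime,vers=3.1.1,sec=krb5,cruid=1000,username=alice,uid=1000 0 0
//fileserver.example.test/hr /mnt/hr cifs rw,relatime,vers=3.1.1,sec=krb5,cruid=1001,username=bob,uid=1001 0 0
//fileserver.example.test/public /mnt/public cifs rw,relatime,vers=3.1.1,sec=ntlmssp,username=guest 0 0
//other.example.test/data /mnt/data cifs rw,relatime,vers=3.1.1,sec=krb5,username=alice 0 0
/dev/sda1 / ext4 rw,relatime 0 0
"""

_OCTAL = re.compile(r"\\([0-7]{3})")

def _unescape(field):
    """Undo the octal escapes /proc/mounts uses (e.g. \\040 for a space)."""
    return _OCTAL.sub(lambda m: chr(int(m.group(1), 8)), field)

def parse_cifs_mounts(text):
    """Yield (server, share, mountpoint, options) for each cifs/smb3 mount line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[2] not in ("cifs", "smb3"):
            continue
        source, mountpoint, _fstype, optstr = (_unescape(p) for p in parts[:4])
        m = re.match(r"//([^/]+)/(.+)", source)   # UNC source: //server/share
        if not m:
            continue
        opts = {}
        for opt in optstr.split(","):
            key, _, value = opt.partition("=")
            opts[key] = value
        yield m.group(1).lower(), m.group(2), mountpoint, opts

def find_krb5_username_conflicts(text):
    """Return {server: {username: [mountpoints]}} for servers that carry
    sec=krb5 cifs mounts under more than one username option. On a fixed
    kernel these get separate sessions; on an affected one they may not."""
    by_server = defaultdict(lambda: defaultdict(list))
    for server, _share, mountpoint, opts in parse_cifs_mounts(text):
        if opts.get("sec") != "krb5" or "username" not in opts:
            continue
        by_server[server][opts["username"]].append(mountpoint)
    return {s: dict(users) for s, users in by_server.items() if len(users) > 1}

if __name__ == "__main__":
    # On a live host: find_krb5_username_conflicts(open("/proc/mounts").read())
    for server, users in find_krb5_username_conflicts(SAMPLE_PROC_MOUNTS).items():
        print(f"{server}: sec=krb5 mounts under several usernames: {users}")
```

A match only identifies mounts that depend on the fix; whether sessions were actually shared is decided by the running kernel version, so pair this with checking that one of the referenced stable commits is applied.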
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/12b4c5d98cd7ca46d5035a57bcd995df614c14e1
- https://git.kernel.org/stable/c/6e9ff1eb7feedcf46ff2d0503759960ab58e7775
- https://git.kernel.org/stable/c/9229709ec8bf85ae7ca53aeee9aa14814cdc1bd2
- https://git.kernel.org/stable/c/9ee803bfdba0cf739038dbdabdd4c02582c8f2b2
- https://git.kernel.org/stable/c/d33cbf0bf8979d779900da9be2505d68d9d8da25
- https://git.kernel.org/stable/c/fd4547830720647d4af02ee50f883c4b1cca06e4