CVE-2026-31392Exposure of Data Element to Wrong Session in Linux

CWE-488Exposure of Data Element to Wrong Session6 documents6 sources
Severity
5.8MEDIUM
No vector
EPSS
0.0%
top 90.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedApr 3

Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix krb5 mount with username option Customer reported that some of their krb5 mounts were failing against a single server as the client was trying to mount the shares with wrong credentials. It turned out the client was reusing SMB session from first mount to try mounting the other shares, even though a different username= option had been specified to the other mounts. By using username mount option along with se

Affected Packages3 packages

Debianlinux/linux_kernel< 6.19.10-1
CVEListV5linux/linux4ff67b720c02c36e54d55b88c2931879b7db1cd2fd4547830720647d4af02ee50f883c4b1cca06e4+8
debiandebian/linux< linux 6.19.10-1 (forky)

🔴Vulnerability Details

2
GHSA
GHSA-h833-487p-56g8: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix krb5 mount with username option Customer reported that some of2026-04-03
OSV
CVE-2026-31392: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix krb5 mount with username option Customer reported that some of th2026-04-03

📋Vendor Advisories

2
Red Hat
kernel: smb: client: fix krb5 mount with username option2026-04-03
Debian
CVE-2026-31392: linux - In the Linux kernel, the following vulnerability has been resolved: smb: client...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-31392 Impact, Exploitability, and Mitigation Steps | Wiz