SB2026061077 - Inclusion of Sensitive Information in Log Files in Linux kernel crypto caam driver
Published: June 10, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2026-46291)
CWE-ID: CWE-532 - Information Exposure Through Log Files
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists because hash_digest_key in the CAAM hash implementation writes sensitive information to log files when debug hex dumps are generated with CONFIG_DYNAMIC_DEBUG enabled. A local user can read the exposed HMAC key bytes from the debug output and so disclose sensitive information.
The issue affects HMAC key material handled by the CAAM crypto driver.
Remediation
Install the update from the vendor's website.
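To gauge whether a host meets the conditions described above before the update is applied, the following triage script can be used. It is an added example, not code from the bulletin or the kernel patches. It assumes the upstream Kconfig symbol CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API and the source file name caamhash.c (neither appears in this bulletin); the verdict labels, the module name and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Exposure triage for the CAAM hash_digest_key debug dump (added example).

# kconfig_has FILE SYMBOL: true if SYMBOL is built in (=y) or modular (=m).
kconfig_has() { grep -Eq "^$2=(y|m)\$" "$1"; }

# dyndbg_site_enabled FILE: true if a hash_digest_key call site in caamhash.c
# carries the 'p' (print) flag in a dynamic_debug control listing.
# Line layout: <file>:<line> [<module>]<function> =<flags> "<format>"
dyndbg_site_enabled() {
    awk '$1 ~ /caamhash\.c:[0-9]+$/ && $2 ~ /\]hash_digest_key$/ && $3 ~ /^=[a-z]*p/ { hit = 1 }
         END { exit !hit }' "$1"
}

# caam_key_log_exposure KCONFIG DYNDBG_CONTROL DMESG_RESTRICT
# Prints: condition-not-met | latent | logging-restricted | logging-readable
caam_key_log_exposure() {
    if ! kconfig_has "$1" CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API ||
       ! kconfig_has "$1" CONFIG_DYNAMIC_DEBUG; then
        echo condition-not-met      # driver or dynamic debug not built
    elif ! dyndbg_site_enabled "$2"; then
        echo latent                 # call site exists but is switched off
    elif [ "$3" = 0 ]; then
        echo logging-readable       # unprivileged dmesg can read the dump
    else
        echo logging-restricted     # dump is emitted; ring buffer needs CAP_SYSLOG
    fi
}

# Constructed sample inputs (not captured from a real host); the line number
# and module name in the control listing are placeholders.
write_sample() {
    printf '%s\n' 'CONFIG_DYNAMIC_DEBUG=y' 'CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API=m' > "$1/config"
    printf '%s\n' '# filename:lineno [module]function flags format' \
        'drivers/crypto/caam/caamhash.c:0 [example_mod]hash_digest_key =p "sample: "' > "$1/control_on"
    sed 's/ =p / =_ /' "$1/control_on" > "$1/control_off"
}

# Live use (as root, debugfs mounted):
#   caam_key_log_exposure "/boot/config-$(uname -r)" \
#     /sys/kernel/debug/dynamic_debug/control "$(cat /proc/sys/kernel/dmesg_restrict)"
```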
References
- https://git.kernel.org/stable/c/177730a273b18e195263ed953853273e901b5064
- https://git.kernel.org/stable/c/2adbfca7452eeac45117b8e803288a2767f7075f
- https://git.kernel.org/stable/c/5cffe3c136891aa4d579bf5c079a68f7cb371b0c
- https://git.kernel.org/stable/c/b8f12d9b00c1950779e5679b9c13908584682bb6
- https://git.kernel.org/stable/c/c7e52fe3f7901ccb9cd29b3f7c683d809ba87e48