SB2026061077 - Inclusion of Sensitive Information in Log Files in Linux kernel crypto caam driver




Published: June 10, 2026

Security Bulletin ID: SB2026061077
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Information disclosure

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2026-46291)

CWE-ID: CWE-532 - Information Exposure Through Log Files

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists because hash_digest_key in the caam hash implementation inserts sensitive information into log files when debug hex dumps are generated with CONFIG_DYNAMIC_DEBUG enabled. A local user can read the exposed HMAC key bytes from the debug output and thereby disclose sensitive information.

The issue affects HMAC key material handled by the CAAM crypto driver.
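
A defender-side check for the condition described above, as an added example that is not part of the bulletin or the kernel source: it lists dynamic-debug callsites in hash_digest_key whose print flag is set. The control-file path is the standard debugfs location; the sample lines (file name, module name, line numbers, format strings) are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the bulletin or the kernel tree).
# Dynamic-debug control lines look like:
#   filename:lineno [module]function flags format
# flags is "=_" when the callsite is off; a "p" in flags means it prints.

# Constructed sample: file name, module name, line numbers and format
# strings below are placeholders, not values from a real system.
sample_control() {
cat <<'EOF'
# filename:lineno [module]function flags format
example/caam_hash_src.c:111 [example_mod]hash_digest_key =p "placeholder a"
example/caam_hash_src.c:222 [example_mod]hash_digest_key =_ "placeholder b"
example/caam_hash_src.c:333 [example_mod]other_function =p "placeholder c"
example/caam_hash_src.c:444 [example_mod]hash_digest_key =pmf "placeholder d"
EOF
}

# Print "file:line" for every enabled callsite in hash_digest_key.
# $1: control file path, or "-" for stdin (default: debugfs location).
caam_key_dump_sites() {
    ctl=${1:-/sys/kernel/debug/dynamic_debug/control}
    if [ "$ctl" != "-" ] && [ ! -r "$ctl" ]; then
        echo "cannot read $ctl" >&2
        return 2
    fi
    awk '
        /^#/ { next }                      # skip the header line
        {
            fn = $2
            sub(/^.*\]/, "", fn)           # drop the "[module]" prefix
            if (fn == "hash_digest_key" && $3 ~ /^=[a-z]*p/)
                print $1
        }' "$ctl"
}

# Demo on the constructed sample; on a real host run: caam_key_dump_sites
sample_control | caam_key_dump_sites -
```

Any site this lists is currently emitting its debug output to the kernel log. Until the update is installed, root can switch such sites off by writing `func hash_digest_key -p` to the same control file.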


Remediation

Install the update from the vendor's website.