CVE-2026-31543

Summary

In the Linux kernel, the following vulnerability has been resolved:

crash_dump: don't log dm-crypt key bytes in read_key_from_user_keying

When debug logging is enabled, read_key_from_user_keying() logs the first 8 bytes of the key payload and partially exposes the dm-crypt key. Stop logging any key bytes.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux479e58549b0fa7e80f1e0b9e69e0a2a8e6711132 < 4897bd307ba8757c31a3325ba6730961be606016affected
LinuxLinux479e58549b0fa7e80f1e0b9e69e0a2a8e6711132 < ed8d91f469845d62d44c565a55d2ab1767969357affected
LinuxLinux479e58549b0fa7e80f1e0b9e69e0a2a8e6711132 < 36f46b0e36892eba08978eef7502ff3c94ddba77affected
LinuxLinux6.16affected
LinuxLinux0 < 6.16unaffected
LinuxLinux6.18.20 <= 6.18.*unaffected
LinuxLinux6.19.10 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References