CVE-2026-43377
8.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: Don't log keys in SMB3 signing and encryption key generation
When KSMBD_DEBUG_AUTH logging is enabled, generate_smb3signingkey() and generate_smb3encryptionkey() log the session, signing, encryption, and decryption key bytes. Remove the logs to avoid exposing credentials.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 < 4084ed720d7d5f4e975c9e4a6267a552dad3b24a | affected |
| Linux | Linux | e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 < fec5c70b82af3f59f15bb984df94e5ad1fccfb1e | affected |
| Linux | Linux | e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 < 3fe2d9ec166b7df9a8df6c0fdcfc210572e27e3f | affected |
| Linux | Linux | e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 < 407cc37c21d51f9b9d4d20204b04890880cfa6ae | affected |
| Linux | Linux | e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 < c6b01b997a2094969e315f1ebfc1d64b8ae2163d | affected |
| Linux | Linux | e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 < 441336115df26b966575de56daf7107ed474faed | affected |
| Linux | Linux | 5.15 | affected |
| Linux | Linux | 0 < 5.15 | unaffected |
| Linux | Linux | 6.1.167 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.130 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.78 <= 6.12.* | unaffected |
| Linux | Linux | 6.18.20 <= 6.18.* | unaffected |
| Linux | Linux | 6.19.9 <= 6.19.* | unaffected |
| Linux | Linux | 7.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/4084ed720d7d5f4e975c9e4a6267a552dad3b24a
- https://git.kernel.org/stable/c/fec5c70b82af3f59f15bb984df94e5ad1fccfb1e
- https://git.kernel.org/stable/c/3fe2d9ec166b7df9a8df6c0fdcfc210572e27e3f
- https://git.kernel.org/stable/c/407cc37c21d51f9b9d4d20204b04890880cfa6ae
- https://git.kernel.org/stable/c/c6b01b997a2094969e315f1ebfc1d64b8ae2163d
- https://git.kernel.org/stable/c/441336115df26b966575de56daf7107ed474faed
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.