CVE-2026-46283
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
tpm: Use kfree_sensitive() to free auth session in tpm_dev_release()
tpm_dev_release() uses plain kfree() to free chip->auth, which contains sensitive cryptographic material including HMAC session keys, nonces, and passphrase data (struct tpm2_auth).
Every other code path that frees this structure uses kfree_sensitive() to zero the memory before releasing it: both tpm2_end_auth_session() and tpm_buf_check_hmac_response() do so. The tpm_dev_release() path is the only one that does not, leaving key material in freed slab memory until it is eventually overwritten.
Use kfree_sensitive() for consistency with the rest of the driver and to ensure session keys are scrubbed during device teardown.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 699e3efd6c645c741ea4d6d58282c56b6d108cf7 < dd3ac52ea7a001406c7dbc663aae4b9f89da679a | affected |
| Linux | Linux | 699e3efd6c645c741ea4d6d58282c56b6d108cf7 < 53e6d2d834df40960b655b353e7a8ff4d927e1c7 | affected |
| Linux | Linux | 699e3efd6c645c741ea4d6d58282c56b6d108cf7 < 84ced03172da544c9f8c0862faad48104f519352 | affected |
| Linux | Linux | 699e3efd6c645c741ea4d6d58282c56b6d108cf7 < c424d2664f08c77f08b4580b5f0cbaabf7c229b2 | affected |
| Linux | Linux | 6.10 | affected |
| Linux | Linux | 0 < 6.10 | unaffected |
| Linux | Linux | 6.12.86 <= 6.12.* | unaffected |
| Linux | Linux | 6.18.27 <= 6.18.* | unaffected |
| Linux | Linux | 7.0.4 <= 7.0.* | unaffected |
| Linux | Linux | 7.1 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/dd3ac52ea7a001406c7dbc663aae4b9f89da679a
- https://git.kernel.org/stable/c/53e6d2d834df40960b655b353e7a8ff4d927e1c7
- https://git.kernel.org/stable/c/84ced03172da544c9f8c0862faad48104f519352
- https://git.kernel.org/stable/c/c424d2664f08c77f08b4580b5f0cbaabf7c229b2
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.