CVE-2026-46283

Published: Giu 08, 2026 Last Modified: Giu 08, 2026

ExploitDB:

Other exploit source:

Google Dorks:

Description

AI Translation Available

In the Linux kernel, the following vulnerability has been resolved:

tpm: Use kfree_sensitive() to free auth session in tpm_dev_release()

tpm_dev_release() uses plain kfree() to free chip->auth, which contains
sensitive cryptographic material including HMAC session keys, nonces,
and passphrase data (struct tpm2_auth).

Every other code path that frees this structure uses kfree_sensitive()
to zero the memory before releasing it: both tpm2_end_auth_session()
and tpm_buf_check_hmac_response() do so. The tpm_dev_release() path
is the only one that does not, leaving key material in freed slab
memory until it is eventually overwritten.

Use kfree_sensitive() for consistency with the rest of the driver and
to ensure session keys are scrubbed during device teardown.

https://git.kernel.org/stable/c/53e6d2d834df40960b655b353e7…

https://git.kernel.org/stable/c/53e6d2d834df40960b655b353e7a8ff4d927e1c7

https://git.kernel.org/stable/c/84ced03172da544c9f8c0862faa…

https://git.kernel.org/stable/c/84ced03172da544c9f8c0862faad48104f519352

https://git.kernel.org/stable/c/c424d2664f08c77f08b4580b5f0…

https://git.kernel.org/stable/c/c424d2664f08c77f08b4580b5f0cbaabf7c229b2

https://git.kernel.org/stable/c/dd3ac52ea7a001406c7dbc663aa…

https://git.kernel.org/stable/c/dd3ac52ea7a001406c7dbc663aae4b9f89da679a

CVE-2026-46283

Description

Iscriviti alla newsletter