CVE-2026-46283

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
08/06/2026
Last modified:
08/07/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tpm: Use kfree_sensitive() to free auth session in tpm_dev_release()<br /> <br /> tpm_dev_release() uses plain kfree() to free chip-&gt;auth, which contains<br /> sensitive cryptographic material including HMAC session keys, nonces,<br /> and passphrase data (struct tpm2_auth).<br /> <br /> Every other code path that frees this structure uses kfree_sensitive()<br /> to zero the memory before releasing it: both tpm2_end_auth_session()<br /> and tpm_buf_check_hmac_response() do so. The tpm_dev_release() path<br /> is the only one that does not, leaving key material in freed slab<br /> memory until it is eventually overwritten.<br /> <br /> Use kfree_sensitive() for consistency with the rest of the driver and<br /> to ensure session keys are scrubbed during device teardown.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.10 (including) 6.12.86 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.13 (including) 6.18.27 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.19 (including) 7.0.4 (excluding)