Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

CVE-2026-46283

Gravedad CVSS v3.1:
MEDIA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
08/06/2026
Última modificación:
08/07/2026

Descripción

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tpm: Use kfree_sensitive() to free auth session in tpm_dev_release()<br /> <br /> tpm_dev_release() uses plain kfree() to free chip-&gt;auth, which contains<br /> sensitive cryptographic material including HMAC session keys, nonces,<br /> and passphrase data (struct tpm2_auth).<br /> <br /> Every other code path that frees this structure uses kfree_sensitive()<br /> to zero the memory before releasing it: both tpm2_end_auth_session()<br /> and tpm_buf_check_hmac_response() do so. The tpm_dev_release() path<br /> is the only one that does not, leaving key material in freed slab<br /> memory until it is eventually overwritten.<br /> <br /> Use kfree_sensitive() for consistency with the rest of the driver and<br /> to ensure session keys are scrubbed during device teardown.

Productos y versiones vulnerables

CPE Desde Hasta
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.10 (incluyendo) 6.12.86 (excluyendo)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.13 (incluyendo) 6.18.27 (excluyendo)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.19 (incluyendo) 7.0.4 (excluyendo)