CVE Catalog

CVE-2026-46291

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

7th percentile - higher than 7% of all known CVEs

Summary

In the Linux kernel, the CAAM cryptographic driver leaks HMAC key bytes via hex dumps in hash_digest_key(). Using print_hex_dump() instead of print_hex_dump_devel() exposes sensitive key material at runtime when CONFIG_DYNAMIC_DEBUG is enabled.

Risk Assessment

The organization risks exposure of secret HMAC keys, potentially compromising the integrity and confidentiality of data encrypted or signed by the CAAM hardware accelerator.

Recommendation

Immediately update the Linux kernel to a version containing the fix that replaces print_hex_dump() with print_hex_dump_devel() in drivers/crypto/caam/caamalg.c.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - guard HMAC key hex dumps in hash_digest_key Use print_hex_dump_devel() for dumping sensitive HMAC key bytes in hash_digest_key() to avoid leaking secrets at runtime when CONFIG_DYNAMIC_DEBUG is enabled.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS