CVE-2026-43377
Published: May 8, 2026
Modified: May 11, 2026
CVSS v3.1
8.1
Description
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Don't log keys in SMB3 signing and encryption key generation When KSMBD_DEBUG_AUTH logging is enabled, generate_smb3signingkey() and generate_smb3encryptionkey() log the session, signing, encryption, and decryption key bytes. Remove the logs to avoid exposing credentials.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 - < 4084ed720d7d5f4e975c9e4a6267a552dad3b24aaffected e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 - < fec5c70b82af3f59f15bb984df94e5ad1fccfb1eaffected e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 - < 3fe2d9ec166b7df9a8df6c0fdcfc210572e27e3faffected e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 - < 407cc37c21d51f9b9d4d20204b04890880cfa6aeaffected e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 - < c6b01b997a2094969e315f1ebfc1d64b8ae2163d+1 more versions |
Linux | Linux | affected 5.15unaffected 0 - < 5.15unaffected 6.1.167 - <= 6.1.*unaffected 6.6.130 - <= 6.6.*unaffected 6.12.78 - <= 6.12.*+3 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now