VYPR
Medium severity 5.5 · NVD Advisory · Published Apr 24, 2026 · Updated Apr 28, 2026

CVE-2026-31543

Description

In the Linux kernel, the following vulnerability has been resolved:

crash_dump: don't log dm-crypt key bytes in read_key_from_user_keying

When debug logging is enabled, read_key_from_user_keying() logs the first 8 bytes of the key payload and partially exposes the dm-crypt key. Stop logging any key bytes.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Linux kernel crash_dump logs dm-crypt key bytes in debug messages; fix stops key logging.

Vulnerability

In the Linux kernel's crash_dump subsystem, the function read_key_from_user_keying() logs the first 8 bytes of the dm-crypt key payload when debug logging is enabled [1]. This exposes part of the symmetric key used for disk encryption.

Exploitation

Exploitation requires that debug logging is enabled in the kernel, which is not the default but may be turned on by administrators for troubleshooting. An attacker with local access to system logs (e.g., via dmesg or log files) can read the exposed key bytes.

Impact

A local attacker who can read kernel log messages can recover the first 8 bytes of the dm-crypt key. While not the full key, this reduces the key space and aids in brute-force attacks or cryptanalysis.

Mitigation

The fix, committed as stable kernel patches [1][2][3], removes all key bytes from debug logging. Users should apply these patches or disable debug logging for crash_dump. No workaround other than patching is available.

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • Linux/Kernel: 5 versions
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (range: >=6.16,<6.18.20)
    • cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
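
To triage hosts against the entries above, the following added example (not part of the advisory or the kernel source) classifies a kernel release string. The function names are hypothetical and the sample release strings are constructed; it encodes only the CPE entries listed on this page.

```shell
#!/bin/sh
# Added example (not from the advisory or the kernel tree): classify a kernel
# release string against the CPE entries listed on this page only.

# ver_num MAJOR.MINOR[.PATCH] -> one comparable integer (6.18.20 -> 6018020)
ver_num() {
    _maj=${1%%.*}
    _rest=${1#*.}
    case $_rest in
        *.*) _min=${_rest%%.*}; _pat=${_rest#*.} ;;
        *)   _min=$_rest; _pat=0 ;;
    esac
    echo $(( _maj * 1000000 + _min * 1000 + _pat ))
}

# cve_2026_31543_listed RELEASE
# Returns 0 if listed as affected, 1 if not listed, 2 if unparseable.
cve_2026_31543_listed() {
    _rel=$1
    # 7.0-rc1 .. 7.0-rc4, written as "7.0-rc3", "7.0.0-rc3" or with a suffix.
    case $_rel in
        7.0-rc[1-4]|7.0-rc[1-4][!0-9]*) return 0 ;;
        7.0.0-rc[1-4]|7.0.0-rc[1-4][!0-9]*) return 0 ;;
    esac
    # Keep the leading dotted number, drop distro suffixes such as "-generic".
    _base=$(printf '%s\n' "$_rel" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\(\.[0-9][0-9]*\)\{0,1\}\).*/\1/p')
    [ -n "$_base" ] || return 2
    _n=$(ver_num "$_base")
    # Listed range: >=6.16, <6.18.20
    [ "$_n" -ge "$(ver_num 6.16)" ] && [ "$_n" -lt "$(ver_num 6.18.20)" ]
}

# Constructed sample release strings; replace with "$(uname -r)" on a host.
for _r in 6.15.11 6.16 6.17.9-arch1-1 6.18.20 7.0.0-rc3 7.0.0-rc5; do
    if cve_2026_31543_listed "$_r"; then
        echo "$_r: listed as affected"
    else
        echo "$_r: not in the listed ranges"
    fi
done
```

Distribution kernels often backport fixes without changing the upstream version number, so treat a match as a prompt to check the vendor's changelog rather than as proof of exposure.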

References

3
