High severity8.1NVD Advisory· Published May 8, 2026· Updated May 15, 2026
CVE-2026-43377
CVE-2026-43377
Description
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: Don't log keys in SMB3 signing and encryption key generation
When KSMBD_DEBUG_AUTH logging is enabled, generate_smb3signingkey() and generate_smb3encryptionkey() log the session, signing, encryption, and decryption key bytes. Remove the logs to avoid exposing credentials.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- git.kernel.org/stable/c/3fe2d9ec166b7df9a8df6c0fdcfc210572e27e3fnvdPatch
- git.kernel.org/stable/c/407cc37c21d51f9b9d4d20204b04890880cfa6aenvdPatch
- git.kernel.org/stable/c/4084ed720d7d5f4e975c9e4a6267a552dad3b24anvdPatch
- git.kernel.org/stable/c/441336115df26b966575de56daf7107ed474faednvdPatch
- git.kernel.org/stable/c/c6b01b997a2094969e315f1ebfc1d64b8ae2163dnvdPatch
- git.kernel.org/stable/c/fec5c70b82af3f59f15bb984df94e5ad1fccfb1envdPatch
News mentions
0No linked articles in our index yet.