{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-46283", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.110Z", "datePublished": "2026-06-08T15:41:26.425Z", "dateUpdated": "2026-06-14T18:06:13.398Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-14T18:06:13.398Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Use kfree_sensitive() to free auth session in tpm_dev_release()\n\ntpm_dev_release() uses plain kfree() to free chip->auth, which contains\nsensitive cryptographic material including HMAC session keys, nonces,\nand passphrase data (struct tpm2_auth).\n\nEvery other code path that frees this structure uses kfree_sensitive()\nto zero the memory before releasing it: both tpm2_end_auth_session()\nand tpm_buf_check_hmac_response() do so. The tpm_dev_release() path\nis the only one that does not, leaving key material in freed slab\nmemory until it is eventually overwritten.\n\nUse kfree_sensitive() for consistency with the rest of the driver and\nto ensure session keys are scrubbed during device teardown."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/char/tpm/tpm-chip.c"], "versions": [{"version": "699e3efd6c645c741ea4d6d58282c56b6d108cf7", "lessThan": "dd3ac52ea7a001406c7dbc663aae4b9f89da679a", "status": "affected", "versionType": "git"}, {"version": "699e3efd6c645c741ea4d6d58282c56b6d108cf7", "lessThan": "53e6d2d834df40960b655b353e7a8ff4d927e1c7", "status": "affected", "versionType": "git"}, {"version": "699e3efd6c645c741ea4d6d58282c56b6d108cf7", "lessThan": "84ced03172da544c9f8c0862faad48104f519352", "status": "affected", "versionType": "git"}, {"version": "699e3efd6c645c741ea4d6d58282c56b6d108cf7", "lessThan": "c424d2664f08c77f08b4580b5f0cbaabf7c229b2", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/char/tpm/tpm-chip.c"], "versions": [{"version": "6.10", "status": "affected"}, {"version": "0", "lessThan": "6.10", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.86", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.27", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.4", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10", "versionEndExcluding": "6.12.86"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10", "versionEndExcluding": "6.18.27"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10", "versionEndExcluding": "7.0.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/dd3ac52ea7a001406c7dbc663aae4b9f89da679a"}, {"url": "https://git.kernel.org/stable/c/53e6d2d834df40960b655b353e7a8ff4d927e1c7"}, {"url": "https://git.kernel.org/stable/c/84ced03172da544c9f8c0862faad48104f519352"}, {"url": "https://git.kernel.org/stable/c/c424d2664f08c77f08b4580b5f0cbaabf7c229b2"}], "title": "tpm: Use kfree_sensitive() to free auth session in tpm_dev_release()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Use kfree_sensitive() to free auth session in tpm_dev_release()\n\ntpm_dev_release() uses plain kfree() to free chip->auth, which contains\nsensitive cryptographic material including HMAC session keys, nonces,\nand passphrase data (struct tpm2_auth).\n\nEvery other code path that frees this structure uses kfree_sensitive()\nto zero the memory before releasing it: both tpm2_end_auth_session()\nand tpm_buf_check_hmac_response() do so. The tpm_dev_release() path\nis the only one that does not, leaving key material in freed slab\nmemory until it is eventually overwritten.\n\nUse kfree_sensitive() for consistency with the rest of the driver and\nto ensure session keys are scrubbed during device teardown."}], "id": "CVE-2026-46283", "lastModified": "2026-06-08T17:16:46.063", "metrics": {}, "published": "2026-06-08T17:16:46.063", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/53e6d2d834df40960b655b353e7a8ff4d927e1c7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/84ced03172da544c9f8c0862faad48104f519352"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c424d2664f08c77f08b4580b5f0cbaabf7c229b2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/dd3ac52ea7a001406c7dbc663aae4b9f89da679a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{"bugzilla": {"description": "kernel: tpm: Use kfree_sensitive() to free auth session in tpm_dev_release()", "id": "2486445", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2486445"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-212", "details": ["A flaw was found in the Linux kernel's Trusted Platform Module (TPM) driver. This vulnerability arises from the driver's failure to securely clear sensitive cryptographic material, such as session keys and passphrases, from memory when a TPM device is released. A local attacker could potentially exploit this by accessing the unscrubbed memory, leading to the disclosure of confidential cryptographic information. This could compromise the integrity and confidentiality of cryptographic operations."], "name": "CVE-2026-46283", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-06-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-46283\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-46283\nhttps://lore.kernel.org/linux-cve-announce/2026060842-CVE-2026-46283-5142@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[699e3efd6c645c741ea4d6d58282c56b6d108cf7,dd3ac52ea7a001406c7dbc663aae4b9f89da679a)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[699e3efd6c645c741ea4d6d58282c56b6d108cf7,53e6d2d834df40960b655b353e7a8ff4d927e1c7)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[699e3efd6c645c741ea4d6d58282c56b6d108cf7,84ced03172da544c9f8c0862faad48104f519352)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[699e3efd6c645c741ea4d6d58282c56b6d108cf7,c424d2664f08c77f08b4580b5f0cbaabf7c229b2)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.10"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.10)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.86,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.27,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0.4,7.1.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.1-rc1,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "created": "2026-06-08T19:15:30.634326+00:00", "updated": "2026-06-09T01:30:26.556087+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-212", "CWE-256"]}