tpm: Use kfree_sensitive() to free auth session in tpm_dev_release()
CVE-2026-46283

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 8 June 2026

What is CVE-2026-46283?

In the Linux kernel, the following vulnerability has been resolved:

tpm: Use kfree_sensitive() to free auth session in tpm_dev_release()

tpm_dev_release() uses plain kfree() to free chip->auth, which contains sensitive cryptographic material including HMAC session keys, nonces, and passphrase data (struct tpm2_auth).

Every other code path that frees this structure uses kfree_sensitive() to zero the memory before releasing it: both tpm2_end_auth_session() and tpm_buf_check_hmac_response() do so. The tpm_dev_release() path is the only one that does not, leaving key material in freed slab memory until it is eventually overwritten.

Use kfree_sensitive() for consistency with the rest of the driver and to ensure session keys are scrubbed during device teardown.

Affected Version(s)

Linux 699e3efd6c645c741ea4d6d58282c56b6d108cf7

Linux 699e3efd6c645c741ea4d6d58282c56b6d108cf7 < 53e6d2d834df40960b655b353e7a8ff4d927e1c7

Linux 699e3efd6c645c741ea4d6d58282c56b6d108cf7 < 84ced03172da544c9f8c0862faad48104f519352

References

https://git.kernel.org/stable/c/dd3ac52ea7a001406c7dbc663...

https://git.kernel.org/stable/c/53e6d2d834df40960b655b353...

https://git.kernel.org/stable/c/84ced03172da544c9f8c0862f...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 8, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-46283 Data

JSON