Skip to main content

Linux Kernel CVE-2026-31543

| EUVDEUVD-2026-25436 MEDIUM
2026-04-24 Linux GHSA-2mh9-r7m5-wv93
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.3 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
Apr 28, 2026 - 18:52 vuln.today
CVSS changed
Apr 28, 2026 - 18:52 NVD
5.5 (MEDIUM)
Patch released
Apr 28, 2026 - 18:46 nvd
Patch available
Patch available
Apr 24, 2026 - 16:01 EUVD
EUVD ID Assigned
Apr 24, 2026 - 15:00 euvd
EUVD-2026-25436
Analysis Generated
Apr 24, 2026 - 15:00 vuln.today
CVE Published
Apr 24, 2026 - 14:33 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

crash_dump: don't log dm-crypt key bytes in read_key_from_user_keying

When debug logging is enabled, read_key_from_user_keying() logs the first 8 bytes of the key payload and partially exposes the dm-crypt key. Stop logging any key bytes.

AnalysisAI

Debug logging in the Linux kernel's crash_dump module exposes dm-crypt key material when debug logging is enabled, allowing local privileged users to read encryption keys from kernel logs and potentially cause denial of service through availability impact on crash dump functionality. The vulnerability affects Linux kernel versions prior to 6.18.20, 6.19.10, and 7.0, with an EPSS score of 0.02% indicating low exploitation probability despite the information disclosure risk.

Technical ContextAI

The vulnerability exists in the crash_dump subsystem's read_key_from_user_keying() function, which handles dm-crypt key material during crash dump operations. When kernel debug logging is enabled (a feature typically used for troubleshooting), the function logs the first 8 bytes of cryptographic key payloads to kernel logs. This violates cryptographic key handling best practices, as sensitive key material should never be logged regardless of debug settings. The affected code path is part of the Linux kernel's crash dump infrastructure and involves interaction with dm-crypt, the kernel's device mapper encryption layer. The CWE classification is not provided, but this falls under improper handling of sensitive cryptographic material in logging contexts.

RemediationAI

Update to patched kernel versions: Linux 6.18.20, 6.19.10, 7.0 or later according to your deployed kernel branch. Apply commits ed8d91f469845d62d44c565a55d2ab1767969357, 4897bd307ba8757c31a3325ba6730961be606016, or 36f46b0e36892eba08978eef7502ff3c94ddba77 respectively. If immediate patching is not feasible, the primary mitigation is to disable debug logging in production environments where dm-crypt is in use and where untrusted local users have access, as the vulnerability only manifests when kernel debug logging is explicitly enabled. Verify that crash dump configurations do not inadvertently enable debug logging as a side effect of other kernel parameters. Monitor kernel logs and crash dump outputs to ensure no key material is being logged. Note that this mitigation reduces visibility into crash dump issues and should be considered temporary pending patching.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-31543 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy