Skip to main content

Linux Kernel ksmbd EUVDEUVD-2026-28683

| CVE-2026-43377 HIGH
2026-05-08 Linux GHSA-95vc-3rg6-xgp2
8.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

5
Analysis Generated
May 11, 2026 - 08:30 vuln.today
CVSS changed
May 11, 2026 - 08:22 NVD
8.1 (HIGH)
Patch available
May 08, 2026 - 16:18 EUVD
CVE Published
May 08, 2026 - 14:21 nvd
HIGH 8.1
CVE Published
May 08, 2026 - 14:21 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: Don't log keys in SMB3 signing and encryption key generation

When KSMBD_DEBUG_AUTH logging is enabled, generate_smb3signingkey() and generate_smb3encryptionkey() log the session, signing, encryption, and decryption key bytes. Remove the logs to avoid exposing credentials.

AnalysisAI

Linux kernel's ksmbd server exposes SMB3 session, signing, encryption, and decryption keys in debug logs when KSMBD_DEBUG_AUTH is enabled. Authenticated network attackers with access to system logs can retrieve these cryptographic keys to compromise SMB3 session confidentiality and integrity. EPSS probability is very low (0.01%, 3rd percentile) and no active exploitation is documented. Vendor patches available across multiple stable kernel branches (6.1.167, 6.6.130, 6.12.78, 6.18.20, 6.19.9, 7.0).

Technical ContextAI

The vulnerability exists in the Linux kernel's ksmbd module, an in-kernel SMB3 server implementation introduced in Linux 5.15. When the KSMBD_DEBUG_AUTH debug flag is enabled, the functions generate_smb3signingkey() and generate_smb3encryptionkey() log sensitive cryptographic material to kernel logs. These keys protect SMB3 session security: signing keys ensure message authenticity and prevent tampering, while encryption/decryption keys protect data confidentiality. Logging these keys exposes them to any process or user with access to kernel logs (typically via dmesg or /var/log/kern.log), violating the fundamental security principle that cryptographic keys must never be logged or stored in cleartext. The affected CPE cpe:2.3:a:linux:linux indicates the ksmbd component within the Linux kernel package. The vulnerability stems from excessive debug logging rather than a cryptographic implementation flaw, making it an operational security issue rather than a protocol-level weakness.

RemediationAI

Upgrade to patched Linux kernel versions: 6.1.167, 6.6.130, 6.12.78, 6.18.20, 6.19.9, or 7.0 depending on your stable branch. Patches are available from https://git.kernel.org/stable/ with specific commits listed in the references. For systems where immediate patching is not feasible, disable KSMBD_DEBUG_AUTH debug logging if currently enabled by removing or commenting the debug flag from ksmbd configuration and restarting the ksmbd service. This eliminates the vulnerability but may complicate troubleshooting of ksmbd issues. As a defense-in-depth measure, restrict access to kernel logs (dmesg output and /var/log/kern.log) using filesystem permissions and log aggregation access controls to limit exposure even if keys are logged. Note that restricting log access does not fix the underlying issue but reduces attack surface; this trade-off may impact security monitoring and incident response capabilities. Audit existing kernel logs for exposed key material from past sessions when debug mode was enabled and consider rotating SMB credentials if exposure is confirmed.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-28683 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy