CVE-2026-46291
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk7th percentile - higher than 7% of all known CVEs
Summary
In the Linux kernel, the CAAM cryptographic driver leaks HMAC key bytes via hex dumps in hash_digest_key(). Using print_hex_dump() instead of print_hex_dump_devel() exposes sensitive key material at runtime when CONFIG_DYNAMIC_DEBUG is enabled.
Risk Assessment
The organization risks exposure of secret HMAC keys, potentially compromising the integrity and confidentiality of data encrypted or signed by the CAAM hardware accelerator.
Recommendation
Immediately update the Linux kernel to a version containing the fix that replaces print_hex_dump() with print_hex_dump_devel() in drivers/crypto/caam/caamalg.c.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: crypto: caam - guard HMAC key hex dumps in hash_digest_key Use print_hex_dump_devel() for dumping sensitive HMAC key bytes in hash_digest_key() to avoid leaking secrets at runtime when CONFIG_DYNAMIC_DEBUG is enabled.

