HIGH
crypto ChaCha KeyLeak
CVE-2026-43336
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
KernelScan AI3.3LOW
01Description
In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permuted_state before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permuted_state' is sufficient to compute the original 'state', and thus the key, even after the permutation has been done. While the kernel is quite inconsistent about zeroizing secrets on the stack (and some prominent userspace crypto libraries don't bother at all since it's not guaranteed to work anyway), the kernel does try to do it as a best practice, especially in cases involving the RNG. Thus, explicitly zeroize 'permuted_state' before it goes out of scope.
02KernelScan AI Analysis
Risk summary
Local attackers with low privileges could potentially recover ChaCha20 encryption keys from kernel memory by analyzing stack contents after cipher operations. The impact is limited to information disclosure of cryptographic keys, with no direct system compromise.
Vulnerability analysis
The vulnerability stems from the ChaCha20 cipher implementation failing to clear the 'permuted_state' local variable before it goes out of scope. Since the ChaCha permutation is mathematically invertible, this intermediate state contains sufficient information to reconstruct the original cipher state and extract the encryption key. The fix adds explicit calls to chacha_zeroize_state() to clear the sensitive data from the stack before the functions return. This is a local information disclosure requiring existing kernel access, as stack memory analysis typically requires privileged access or memory corruption primitives.
03Fix Versions
| Branch | Fixed in | Patch commit |
|---|---|---|
| 5.10 | 5.10.253 | e90ee961af51 |
| 5.15 | 5.15.203 | b416a4245f04 |
| 6.1 | 6.1.169 | bd62d9b44464 |
| 6.12 | 6.12.82 | 1d761e5a7340 |
| 6.18 | 6.18.22 | 1933249263c3 |
| 6.19 | 6.19.12 | 91999af43ca2 |
| 6.6 | 6.6.135 | 066c760acead |
| mainline | 7.0 | e5046823f8fa |