HIGH
ksmbd AuthKey Leak
CVE-2026-43377
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
KernelScan AI4.4MEDIUM
01Description
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Don't log keys in SMB3 signing and encryption key generation When KSMBD_DEBUG_AUTH logging is enabled, generate_smb3signingkey() and generate_smb3encryptionkey() log the session, signing, encryption, and decryption key bytes. Remove the logs to avoid exposing credentials.
02KernelScan AI Analysis
Risk summary
The ksmbd SMB server logs sensitive cryptographic keys in debug output when KSMBD_DEBUG_AUTH is enabled. Administrators with access to kernel debug logs could obtain SMB3 session, signing, and encryption keys, potentially compromising SMB session security.
Vulnerability analysis
The vulnerability exists in the SMB3 key generation functions where debug logging statements print sensitive cryptographic material including session keys, signing keys, and encryption/decryption keys in plaintext. The fix removes these debug prints while preserving informational messages about key generation completion. This affects systems running ksmbd SMB server with debug logging enabled, requiring local root access to exploit but potentially exposing credentials that could compromise SMB session integrity.
03Fix Versions
| Branch | Fixed in | Patch commit |
|---|---|---|
| 6.1 | 6.1.167 | 4084ed720d7d |
| 6.12 | 6.12.78 | 3fe2d9ec166b |
| 6.18 | 6.18.20 | 407cc37c21d5 |
| 6.19 | 6.19.9 | c6b01b997a20 |
| 6.6 | 6.6.130 | fec5c70b82af |
| mainline | 7.0 | 441336115df2 |