Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's KSMBD component causes sensitive key material to be logged during SMB3 signing and encryption key generation. When KSMBD_DEBUG_AUTH logging is enabled, the functions generate_smb3signingkey() and generate_smb3encryptionkey() log the session, signing, encryption, and decryption key bytes. This logging could expose credentials, creating a security risk.
The vulnerability could lead to the unintentional exposure of sensitive encryption and signing keys, potentially allowing for unauthorized access or manipulation of data in SMB3 communications.
Users can update to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the Linux Kernel Archive.