In the Linux kernel, the following vulnerability has been resolved:
tpm: Use kfree_sensitive() to free auth session in tpm_dev_release()
tpm_dev_release() uses plain kfree() to free chip->auth, which contains sensitive cryptographic material including HMAC session keys, nonces, and passphrase data (struct tpm2_auth).
Every other code path that frees this structure uses kfree_sensitive() to zero the memory before releasing it: both tpm2_end_auth_session() and tpm_buf_check_hmac_response() do so. The tpm_dev_release() path is the only one that does not, leaving key material in freed slab memory until it is eventually overwritten.
Use kfree_sensitive() for consistency with the rest of the driver and to ensure session keys are scrubbed during device teardown.
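The difference between the two free paths can be modelled in userspace. This is an added example, not kernel or driver code: `demo_auth`, the toy slab and every function name below are hypothetical stand-ins, and the secret is a constructed fill pattern.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for struct tpm2_auth; field names and sizes are assumptions. */
struct demo_auth { uint8_t session_key[32], nonce[32], passphrase[32]; };

/* Toy slab: fixed slots plus an in-use map, so released memory stays inspectable. */
#define SLOTS 4
static struct demo_auth slab[SLOTS];
static int in_use[SLOTS];

static struct demo_auth *slab_alloc(void)
{
    for (int i = 0; i < SLOTS; i++)
        if (!in_use[i]) { in_use[i] = 1; return &slab[i]; }
    return NULL;
}

/* Models kfree(): the slot is released, its contents are left as they were. */
static void slab_free(struct demo_auth *p) { if (p) in_use[p - slab] = 0; }

/* Models kfree_sensitive(): zero via a volatile pointer, then release. */
static void slab_free_sensitive(struct demo_auth *p)
{
    volatile uint8_t *b = (volatile uint8_t *)p;
    for (size_t i = 0; p && i < sizeof(*p); i++) b[i] = 0;
    slab_free(p);
}

/* Count non-zero bytes left in slots that are currently free. */
static size_t residue_in_free_slots(void)
{
    size_t n = 0;
    for (int i = 0; i < SLOTS; i++)
        for (size_t j = 0; !in_use[i] && j < sizeof(slab[i]); j++)
            n += ((const uint8_t *)&slab[i])[j] != 0;
    return n;
}

/* Fill one session with constructed key material, release it, report residue. */
size_t teardown_residue(int scrub)
{
    struct demo_auth *a = slab_alloc();
    if (!a) return (size_t)-1;
    memset(a, 0xA5, sizeof(*a));            /* constructed sample secret */
    if (scrub) slab_free_sensitive(a); else slab_free(a);
    return residue_in_free_slots();
}
```

With the plain free, every byte of the session object is still readable in the released slot; with the scrubbing free, none is.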
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46283.json"
}