CVE-2026-31543

medium

Description

In the Linux kernel, the following vulnerability has been resolved: crash_dump: don't log dm-crypt key bytes in read_key_from_user_keying When debug logging is enabled, read_key_from_user_keying() logs the first 8 bytes of the key payload and partially exposes the dm-crypt key. Stop logging any key bytes.

References

https://git.kernel.org/stable/c/ed8d91f469845d62d44c565a55d2ab1767969357

https://git.kernel.org/stable/c/4897bd307ba8757c31a3325ba6730961be606016

https://git.kernel.org/stable/c/36f46b0e36892eba08978eef7502ff3c94ddba77

Details

Source: Mitre, NVD

Published: 2026-04-24

Updated: 2026-04-24

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium