In the Linux kernel, the following vulnerability has been resolved:
ksmbd: Don't log keys in SMB3 signing and encryption key generation
When KSMBDDEBUGAUTH logging is enabled, generatesmb3signingkey() and generatesmb3encryptionkey() log the session, signing, encryption, and decryption key bytes. Remove the logs to avoid exposing credentials.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43377.json",
"cna_assigner": "Linux"
}