CVE-2026-46291: Linux CAAM HMAC Key Leak on Azure
🟡 Medium | Source: Microsoft Security Response Center CVE-2026-46291 is a vulnerability in the Linux kernel’s CAAM (Cryptographic Acceleration and Assurance Module) driver, specifically affecting how HMAC key material is handled during hash digest key operations. The flaw can expose sensitive cryptographic key data through unguarded hex dumps, potentially leaking HMAC secrets into kernel logs or debug output. This matters because HMAC keys exposed in this way could undermine the integrity and authenticity guarantees of cryptographic operations running on affected systems, including those hosted in Azure environments using Linux-based virtual machines. ...