PT-2026-47355 · Linux · Linux

Published 2026-06-08 · Updated 2026-06-08 · CVE-2026-46283

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
tpm: Use kfree_sensitive() to free auth session in tpm_dev_release()
tpm_dev_release() uses plain kfree() to free chip->auth, which contains sensitive cryptographic material including HMAC session keys, nonces, and passphrase data (struct tpm2_auth).
Every other code path that frees this structure uses kfree_sensitive() to zero the memory before releasing it: both tpm2_end_auth_session() and tpm_buf_check_hmac_response() do so. The tpm_dev_release() path is the only one that does not, leaving key material in freed slab memory until it is eventually overwritten.
Use kfree_sensitive() for consistency with the rest of the driver and to ensure session keys are scrubbed during device teardown.
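
The difference between the two free paths described above, shown as an added userspace illustration that is neither kernel code nor part of the patch. `struct toy_auth`, `toy_free()`, `toy_free_sensitive()` and the one-object `slab` buffer are hypothetical stand-ins for `struct tpm2_auth`, `kfree()`, `kfree_sensitive()` and slab memory, and the secrets are constructed values.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for struct tpm2_auth; not the kernel's layout. */
struct toy_auth {
    unsigned char session_key[32];
    unsigned char nonce[16];
    char passphrase[32];
};

/* One-object "slab": its bytes stay readable after release, until reuse. */
static unsigned char slab[sizeof(struct toy_auth)];

/* Models kfree(): the slot is released, its contents are not cleared. */
static void toy_free(void *p) { (void)p; }

/* Models kfree_sensitive(): scrub, then release. The volatile pointer keeps
 * the compiler from dropping stores to memory that is about to be freed. */
static void toy_free_sensitive(void *p)
{
    volatile unsigned char *b = p;
    for (size_t i = 0; p && i < sizeof(struct toy_auth); i++)
        b[i] = 0;
    toy_free(p);
}

/* Fill the object with constructed secrets, release it with free_fn, and
 * return how many non-zero bytes are still sitting in the freed slot. */
static size_t residue_after(void (*free_fn)(void *))
{
    struct toy_auth *a = (struct toy_auth *)slab; /* "allocate" the slot */
    size_t left = 0;
    memset(a->session_key, 0xA5, sizeof(a->session_key));
    memset(a->nonce, 0x5A, sizeof(a->nonce));
    strcpy(a->passphrase, "constructed-passphrase");
    free_fn(a);
    for (size_t i = 0; i < sizeof(slab); i++)
        left += slab[i] != 0;
    return left;
}

int main(void)
{
    printf("plain free: %zu bytes left, scrubbing free: %zu\n",
           residue_after(toy_free), residue_after(toy_free_sensitive));
    return 0;
}
```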

Related Identifiers

CVE-2026-46283

Affected Products

Linux