CVE Catalog

CVE-2026-45964

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

5th percentile - higher than 5% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel related to a kref leak in the error path of the gss_alloc_msg function. The issue arises from the lack of a kref_put() call when the kstrdup_const() function fails, leading to the gss_auth structure not being freed.

Risk Assessment

The reference leak may lead to resource exhaustion, potentially affecting the stability and performance of the system in the long run. Organizations should be aware of potential memory management issues.

Recommendation

It is recommended to update the Linux kernel to the latest version that includes fixes for this vulnerability. Additionally, systems should be monitored for signs of memory leaks.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path Commit 5940d1cf9f42 ("SUNRPC: Rebalance a kref in auth_gss.c") added a kref_get(&gss_auth->kref) call to balance the gss_put_auth() done in gss_release_msg(), but forgot to add a corresponding kref_put() on the error path when kstrdup_const() fails. If service_name is non-NULL and kstrdup_const() fails, the function jumps to err_put_pipe_version which calls put_pipe_version() and kfree(gss_msg), but never releases the gss_auth reference. This leads to a kref leak where the gss_auth structure is never freed. Add a forward declaration for gss_free_callback() and call kref_put() in the err_put_pipe_version error path to properly release the reference taken earlier.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS