CVE-2026-46012
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk6th percentile - higher than 6% of all known CVEs
Summary
A vulnerability in the Linux kernel that led to memory leaks in the rxkad_verify_response() function has been fixed. The changes ensure proper resource deallocation in all circumstances, preventing leaks.
Risk Assessment
Memory leaks can lead to increased resource consumption, which may affect system stability and performance over time.
Recommendation
It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and minimize the risk of memory leaks.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix memory leaks in rxkad_verify_response() Fix rxkad_verify_response() to free the ticket and the server key under all circumstances by initialising the ticket pointer to NULL and then making all paths through the function after the first allocation has been done go through a single common epilogue that just releases everything - where all the releases skip on a NULL pointer.

