CVE-2026-46096 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix missing tpm_buf_destroy() in tpm2_read_public() tpm2_read_public() calls tpm_buf_init() but fails to call tpm_buf_destroy() on two exit paths, leaking a page allocation: 1. When name_size() returns an error (unrecognized hash algorithm), the function returns directly without destroying the buffer. 2. On the success path, the buffer is never destroyed before returning. All other error paths in the function correctly call tpm_buf_destroy() before returning. Fix both by adding the missing tpm_buf_destroy() calls.

PUBLISHED Reserved 2026-05-13 | Published 2026-05-27 | Updated 2026-05-27 | Assigner Linux

Product status

Default status

unaffected

20eda7c74b69fe9e1caf9b930a5c016bf8d755fa (git) before f8775d9d9062da662cc861f9ff7722a65896d4cd

affected

bda1cbf73c6e241267c286427f2ed52b5735d872 (git) before 2f434be87e256fd58254f60ddf5d7d58e775ca0b

affected

bda1cbf73c6e241267c286427f2ed52b5735d872 (git) before f0f75a3d98b7959a8677b6363e23190f3018636b

affected

a3b7eb67225c486a2da357c5db3e386f4e64bcde (git)

affected

6.18.3 (semver) before 6.18.27

affected

6.12.64 (semver) before 6.13

affected

Default status

affected

6.19

affected

Any version before 6.19

unaffected

6.18.27 (semver)

unaffected

7.0.4 (semver)

unaffected

7.1-rc1 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/f8775d9d9062da662cc861f9ff7722a65896d4cd

git.kernel.org/...c/2f434be87e256fd58254f60ddf5d7d58e775ca0b

git.kernel.org/...c/f0f75a3d98b7959a8677b6363e23190f3018636b

cve.org (CVE-2026-46096)

nvd.nist.gov (CVE-2026-46096)

Download JSON