CVE-2026-46096

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tpm2-sessions: Fix missing tpm_buf_destroy() in tpm2_read_public()<br /> <br /> tpm2_read_public() calls tpm_buf_init() but fails to call<br /> tpm_buf_destroy() on two exit paths, leaking a page allocation:<br /> <br /> 1. When name_size() returns an error (unrecognized hash algorithm),<br /> the function returns directly without destroying the buffer.<br /> <br /> 2. On the success path, the buffer is never destroyed before<br /> returning.<br /> <br /> All other error paths in the function correctly call<br /> tpm_buf_destroy() before returning.<br /> <br /> Fix both by adding the missing tpm_buf_destroy() calls.