CVE-2026-45870

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/05/2026
Last modified:
27/05/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> SUNRPC: auth_gss: fix memory leaks in XDR decoding error paths<br /> <br /> The gssx_dec_ctx(), gssx_dec_status(), and gssx_dec_name()<br /> functions allocate memory via gssx_dec_buffer(), which calls<br /> kmemdup(). When a subsequent decode operation fails, these<br /> functions return immediately without freeing previously<br /> allocated buffers, causing memory leaks.<br /> <br /> The leak in gssx_dec_ctx() is particularly relevant because<br /> the caller (gssp_accept_sec_context_upcall) initializes several<br /> buffer length fields to non-zero values, resulting in memory<br /> allocation:<br /> <br /> struct gssx_ctx rctxh = {<br /> .exported_context_token.len = GSSX_max_output_handle_sz,<br /> .mech.len = GSS_OID_MAX_LEN,<br /> .src_name.display_name.len = GSSX_max_princ_sz,<br /> .targ_name.display_name.len = GSSX_max_princ_sz<br /> };<br /> <br /> If, for example, gssx_dec_name() succeeds for src_name but<br /> fails for targ_name, the memory allocated for<br /> exported_context_token, mech, and src_name.display_name<br /> remains unreferenced and cannot be reclaimed.<br /> <br /> Add error handling with goto-based cleanup to free any<br /> previously allocated buffers before returning an error.

Impact