CVE-2026-45870
Gravedad:
Pendiente de análisis
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
27/05/2026
Última modificación:
27/05/2026
Descripción
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
SUNRPC: auth_gss: fix memory leaks in XDR decoding error paths<br />
<br />
The gssx_dec_ctx(), gssx_dec_status(), and gssx_dec_name()<br />
functions allocate memory via gssx_dec_buffer(), which calls<br />
kmemdup(). When a subsequent decode operation fails, these<br />
functions return immediately without freeing previously<br />
allocated buffers, causing memory leaks.<br />
<br />
The leak in gssx_dec_ctx() is particularly relevant because<br />
the caller (gssp_accept_sec_context_upcall) initializes several<br />
buffer length fields to non-zero values, resulting in memory<br />
allocation:<br />
<br />
struct gssx_ctx rctxh = {<br />
.exported_context_token.len = GSSX_max_output_handle_sz,<br />
.mech.len = GSS_OID_MAX_LEN,<br />
.src_name.display_name.len = GSSX_max_princ_sz,<br />
.targ_name.display_name.len = GSSX_max_princ_sz<br />
};<br />
<br />
If, for example, gssx_dec_name() succeeds for src_name but<br />
fails for targ_name, the memory allocated for<br />
exported_context_token, mech, and src_name.display_name<br />
remains unreferenced and cannot be reclaimed.<br />
<br />
Add error handling with goto-based cleanup to free any<br />
previously allocated buffers before returning an error.
Impacto
Referencias a soluciones, herramientas e información
- https://git.kernel.org/stable/c/3b56eb90feb8a3709417f5624f3871847d42bcb1
- https://git.kernel.org/stable/c/3e6397b056335cc56ef0e9da36c95946a19f5118
- https://git.kernel.org/stable/c/64303b92d94c0c7845a273acd8d84b796d6f1db7
- https://git.kernel.org/stable/c/b4af3806846778799cd4ab0766dc18341e777264
- https://git.kernel.org/stable/c/c81431b1b9fbd21e9a5a9211b5517b7295d18e6a
- https://git.kernel.org/stable/c/caf7eff432e91a9eba1c79fa545c2f54be15d62b
- https://git.kernel.org/stable/c/d79b9097a6a2b91471b40755f1225364be5d85ff
- https://git.kernel.org/stable/c/df10f23defff22c8d55fe6db74f6e4ce927145bf



