5.5
CVE-2026-46012
- EPSS 0.12%
- Veröffentlicht 27.05.2026 12:56:14
- Zuletzt bearbeitet 16.06.2026 15:25:03
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
rxrpc: Fix memory leaks in rxkad_verify_response()
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix memory leaks in rxkad_verify_response() Fix rxkad_verify_response() to free the ticket and the server key under all circumstances by initialising the ticket pointer to NULL and then making all paths through the function after the first allocation has been done go through a single common epilogue that just releases everything - where all the releases skip on a NULL pointer.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.11 < 6.6.140
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.86
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.27
Linux ≫ Linux Kernel Version >= 6.19 < 7.0.4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.023 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://git.kernel.org/stable/c/c4b8f32e73eafd4a5076be890c7c8506ec04567c
https://git.kernel.org/stable/c/852b9d64cea421336579b2de3d1338dfa677e2dd
https://git.kernel.org/stable/c/861b9a0a1823bf064a7b810d29502a9ef043f40f
https://git.kernel.org/stable/c/c91f33fb8356dedc82bc56ce210f1a5dbee62a52
https://git.kernel.org/stable/c/34f61a07e0cdefaecd3ec03bb5fb22215643678f