CVE-2026-45870
Awaiting Analysis Awaiting Analysis - Queue
Memory Leak in Linux Kernel SUNRPC GSS Auth

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: auth_gss: fix memory leaks in XDR decoding error paths The gssx_dec_ctx(), gssx_dec_status(), and gssx_dec_name() functions allocate memory via gssx_dec_buffer(), which calls kmemdup(). When a subsequent decode operation fails, these functions return immediately without freeing previously allocated buffers, causing memory leaks. The leak in gssx_dec_ctx() is particularly relevant because the caller (gssp_accept_sec_context_upcall) initializes several buffer length fields to non-zero values, resulting in memory allocation: struct gssx_ctx rctxh = { .exported_context_token.len = GSSX_max_output_handle_sz, .mech.len = GSS_OID_MAX_LEN, .src_name.display_name.len = GSSX_max_princ_sz, .targ_name.display_name.len = GSSX_max_princ_sz }; If, for example, gssx_dec_name() succeeds for src_name but fails for targ_name, the memory allocated for exported_context_token, mech, and src_name.display_name remains unreferenced and cannot be reclaimed. Add error handling with goto-based cleanup to free any previously allocated buffers before returning an error.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-05-27
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-45870
EUVD
EUVD-2026-32336
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's SUNRPC authentication mechanism using GSS (Generic Security Services). Specifically, certain functions (gssx_dec_ctx(), gssx_dec_status(), and gssx_dec_name()) allocate memory buffers during decoding operations. If a decoding operation fails partway through, these functions return immediately without freeing the memory that was previously allocated, causing memory leaks.

The issue is particularly significant in gssx_dec_ctx(), where multiple buffers are allocated for different fields. If decoding succeeds for some fields but fails for others, the memory allocated for the successful fields is not freed, leading to unreclaimed memory. The fix involves adding error handling to ensure that all previously allocated buffers are freed before returning an error.

Impact Analysis

This vulnerability can lead to memory leaks in the Linux kernel when certain SUNRPC GSS authentication decoding operations fail. Over time, these leaks can accumulate, potentially causing increased memory usage, reduced system performance, or even system instability or crashes if memory exhaustion occurs.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45870. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart