CVE-2026-45964
Analyzed Analyzed - Analysis Complete
Memory Leak in Linux Kernel SUNRPC

Publication date: 2026-05-27

Last updated on: 2026-06-16

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path Commit 5940d1cf9f42 ("SUNRPC: Rebalance a kref in auth_gss.c") added a kref_get(&gss_auth->kref) call to balance the gss_put_auth() done in gss_release_msg(), but forgot to add a corresponding kref_put() on the error path when kstrdup_const() fails. If service_name is non-NULL and kstrdup_const() fails, the function jumps to err_put_pipe_version which calls put_pipe_version() and kfree(gss_msg), but never releases the gss_auth reference. This leads to a kref leak where the gss_auth structure is never freed. Add a forward declaration for gss_free_callback() and call kref_put() in the err_put_pipe_version error path to properly release the reference taken earlier.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-06-16
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-45964
EUVD
EUVD-2026-32248
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.13 (inc) to 6.18.14 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.4 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.128 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.75 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.202 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.165 (exc)
linux linux_kernel From 5.2 (inc) to 5.10.252 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a reference count leak (kref leak) in the Linux kernel's SUNRPC subsystem, specifically in the gss_auth authentication code. A function added a call to increase the reference count but failed to add a corresponding call to decrease it on an error path. When a certain memory allocation (kstrdup_const) fails, the code jumps to an error handling section that frees some resources but does not release the reference to the gss_auth structure. This causes the gss_auth structure to never be freed, leading to a resource leak.

Impact Analysis

The impact of this vulnerability is a resource leak in the Linux kernel. Specifically, the gss_auth structure's reference count is not properly decremented on an error path, causing the structure to remain allocated indefinitely. Over time, this could lead to increased memory usage and potentially degrade system performance or stability if the leak accumulates.

Mitigation Strategies

The vulnerability has been resolved by applying a fix in the Linux kernel that properly releases the gss_auth reference in the error path. To mitigate this vulnerability, you should update your Linux kernel to a version that includes the fix described in commit 5940d1cf9f42.

Specifically, ensure your system is running a kernel version that contains the patch which adds a kref_put() call in the err_put_pipe_version error path to prevent the kref leak.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45964. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart