CVE-2026-46096

Awaiting Analysis Awaiting Analysis - Queue

BaseFortify

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix missing tpm_buf_destroy() in tpm2_read_public() tpm2_read_public() calls tpm_buf_init() but fails to call tpm_buf_destroy() on two exit paths, leaking a page allocation: 1. When name_size() returns an error (unrecognized hash algorithm), the function returns directly without destroying the buffer. 2. On the success path, the buffer is never destroyed before returning. All other error paths in the function correctly call tpm_buf_destroy() before returning. Fix both by adding the missing tpm_buf_destroy() calls.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-05-27

Last Modified

2026-05-27

Generated

2026-05-27

EPSS Evaluated

N/A

NVD

CVE-2026-46096

EUVD

EUVD-2026-32479

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-UNKNOWN

Attack-Flow Graph

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2026-46096

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

Ask Our AI Assistant

EPSS Chart