SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path

MITRE NVD CVE.ORG JSON API Print: PDF PDF

Summary

CVECVE-2026-45964
StatePUBLISHED
AssignerLinux
Source PriorityCVE Program / NVD first with legacy fallback
Published2026-05-27 14:17:13 UTC
Updated2026-06-16 02:29:40 UTC
DescriptionIn the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path Commit 5940d1cf9f42 ("SUNRPC: Rebalance a kref in auth_gss.c") added a kref_get(&gss_auth->kref) call to balance the gss_put_auth() done in gss_release_msg(), but forgot to add a corresponding kref_put() on the error path when kstrdup_const() fails. If service_name is non-NULL and kstrdup_const() fails, the function jumps to err_put_pipe_version which calls put_pipe_version() and kfree(gss_msg), but never releases the gss_auth reference. This leads to a kref leak where the gss_auth structure is never freed. Add a forward declaration for gss_free_callback() and call kref_put() in the err_put_pipe_version error path to properly release the reference taken earlier.

Risk And Classification

Primary CVSS: v3.1 5.5 MEDIUM from [email protected]

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.000240000 probability, percentile 0.073320000 (date 2026-06-01)

Problem Types: CWE-401

CVSS v3.1 Breakdown

Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Linux Linux Kernel All All All All

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Linux Linux affected 5940d1cf9f42f67e9cc3f7df9eda39f5888d6e9e 3b2b6c42070ce4204936288253baf101e995c2d3 git Not specified
CNA Linux Linux affected 5940d1cf9f42f67e9cc3f7df9eda39f5888d6e9e b559be2ec6cdb2e9c2c36c23fbbd4690d8a5c3f7 git Not specified
CNA Linux Linux affected 5940d1cf9f42f67e9cc3f7df9eda39f5888d6e9e a1bc9561b617ec7e2d09e6c134d1db8fcf9ca4a6 git Not specified
CNA Linux Linux affected 5940d1cf9f42f67e9cc3f7df9eda39f5888d6e9e 655c9ba9915f05266998dbbf4b76b3c79b8a70aa git Not specified
CNA Linux Linux affected 5940d1cf9f42f67e9cc3f7df9eda39f5888d6e9e e464e26b2457005c87e158570498274b9f3b90c7 git Not specified
CNA Linux Linux affected 5940d1cf9f42f67e9cc3f7df9eda39f5888d6e9e c20f925214249bb4fc04f7e197bea142a6438af6 git Not specified
CNA Linux Linux affected 5940d1cf9f42f67e9cc3f7df9eda39f5888d6e9e a2d4e9a76de0b2178001214ba5de5bf94a7354aa git Not specified
CNA Linux Linux affected 5940d1cf9f42f67e9cc3f7df9eda39f5888d6e9e dd2fdc3504592d85e549c523b054898a036a6afe git Not specified
CNA Linux Linux affected 5.2 Not specified
CNA Linux Linux unaffected 5.2 semver Not specified
CNA Linux Linux unaffected 5.10.252 5.10.* semver Not specified
CNA Linux Linux unaffected 5.15.202 5.15.* semver Not specified
CNA Linux Linux unaffected 6.1.165 6.1.* semver Not specified
CNA Linux Linux unaffected 6.6.128 6.6.* semver Not specified
CNA Linux Linux unaffected 6.12.75 6.12.* semver Not specified
CNA Linux Linux unaffected 6.18.14 6.18.* semver Not specified
CNA Linux Linux unaffected 6.19.4 6.19.* semver Not specified
CNA Linux Linux unaffected 7.0 * original_commit_for_fix Not specified

References

ReferenceSourceLinkTags
git.kernel.org/stable/c/a2d4e9a76de0b2178001214ba5de5bf94a7354aa 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/a1bc9561b617ec7e2d09e6c134d1db8fcf9ca4a6 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/e464e26b2457005c87e158570498274b9f3b90c7 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/c20f925214249bb4fc04f7e197bea142a6438af6 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/b559be2ec6cdb2e9c2c36c23fbbd4690d8a5c3f7 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/3b2b6c42070ce4204936288253baf101e995c2d3 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/655c9ba9915f05266998dbbf4b76b3c79b8a70aa 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/dd2fdc3504592d85e549c523b054898a036a6afe 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report