CVE-2026-46012 | rxrpc: Fix memory leaks in rxkad_verify_response()

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix memory leaks in rxkad_verify_response() Fix rxkad_verify_response() to free the ticket and the server key under all circumstances by initialising the ticket pointer to NULL and then making all paths through the function after the first allocation has been done go through a single common epilogue that just releases everything - where all the releases skip on a NULL pointer.

Published: 2026-05-27 Last update: 2026-05-27 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

NVD Status：Awaiting Analysis，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2026-46012 is rated Low Risk (5.2/100): low exploitation likelihood (EPSS 0.02%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2026-46012

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-05-28	—	0.02%	—

Full EPSS history (1 record total)

Common vulnerability scoring system (CVSS) metrics for CVE-2026-46012

CVSS metrics for this CVE.

No CVSS data in dataset for this CVE.

Weakness enumeration for CVE-2026-46012

GitHub Security Advisory for CVE-2026-46012

GHSA-29h5-9g4g-x624 · Severity: unknown — In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix memory leaks in...

OS Trackers for CVE-2026-46012

vendor	priority	summary	link
`debian`	unimportant	CVE-2026-46012 unimportant priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 4, open 1.	https://security-tracker.debian.org/tracker/CVE-2026-46012
`redhat`	medium	—	https://access.redhat.com/security/cve/CVE-2026-46012
`suse`	high	—	https://www.suse.com/security/cve/CVE-2026-46012/
`ubuntu`	medium	CVE-2026-46012 medium priority: Ubuntu including 158 source packages (linux, linux-allwinner-5.19, …), 1422 status rows across 9 suites (bionic, focal, jammy, noble, questing, resolute, trusty, upstream, xenial): DNE 1024, ignored 169, needed 94, released 84, not-affected 45, pending 6.	https://ubuntu.com/security/CVE-2026-46012

Affected software / configurations for CVE-2026-46012

Vendor	Product	Version	Raw CPE
No affected products in dataset.

References for CVE-2026-46012

URL	Tags
https://git.kernel.org/stable/c/34f61a07e0cdefaecd3ec03bb5fb22215643678f
https://git.kernel.org/stable/c/852b9d64cea421336579b2de3d1338dfa677e2dd
https://git.kernel.org/stable/c/861b9a0a1823bf064a7b810d29502a9ef043f40f
https://git.kernel.org/stable/c/c4b8f32e73eafd4a5076be890c7c8506ec04567c
https://git.kernel.org/stable/c/c91f33fb8356dedc82bc56ce210f1a5dbee62a52

cvelogic Threat Intelligence