CVE-2026-46096 | tpm2-sessions: Fix missing tpm_buf_destroy() in tpm2_read_public()

In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix missing tpm_buf_destroy() in tpm2_read_public() tpm2_read_public() calls tpm_buf_init() but fails to call tpm_buf_destroy() on two exit paths, leaking a page allocation: 1. When name_size() returns an error (unrecognized hash algorithm), the function returns directly without destroying the buffer. 2. On the success path, the buffer is never destroyed before returning. All other error paths in the function correctly call tpm_buf_destroy() before returning. Fix both by adding the missing tpm_buf_destroy() calls.

Published: 2026-05-27 Last update: 2026-05-27 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

NVD Status：Awaiting Analysis，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2026-46096 is rated Low Risk (4.3/100): low exploitation likelihood (EPSS 0.02%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2026-46096

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-05-28	—	0.02%	—

Full EPSS history (1 record total)

Common vulnerability scoring system (CVSS) metrics for CVE-2026-46096

CVSS metrics for this CVE.

No CVSS data in dataset for this CVE.

Weakness enumeration for CVE-2026-46096

GitHub Security Advisory for CVE-2026-46096

GHSA-wq6x-xf86-6rwf · Severity: unknown — In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix missing...

OS Trackers for CVE-2026-46096

vendor	priority	summary	link
`debian`	unimportant	CVE-2026-46096 unimportant priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 4, open 1.	https://security-tracker.debian.org/tracker/CVE-2026-46096
`redhat`	—	—	https://access.redhat.com/security/cve/CVE-2026-46096
`suse`	—	—	https://www.suse.com/security/cve/CVE-2026-46096/
`ubuntu`	medium	CVE-2026-46096 medium priority: Ubuntu including 158 source packages (linux, linux-allwinner-5.19, …), 1422 status rows across 9 suites (bionic, focal, jammy, noble, questing, resolute, trusty, upstream, xenial): DNE 1024, ignored 169, not-affected 115, released 84, needed 24, pending 6.	https://ubuntu.com/security/CVE-2026-46096

Affected software / configurations for CVE-2026-46096

Vendor	Product	Version	Raw CPE
No affected products in dataset.

References for CVE-2026-46096

URL	Tags
https://git.kernel.org/stable/c/2f434be87e256fd58254f60ddf5d7d58e775ca0b
https://git.kernel.org/stable/c/f0f75a3d98b7959a8677b6363e23190f3018636b
https://git.kernel.org/stable/c/f8775d9d9062da662cc861f9ff7722a65896d4cd

cvelogic Threat Intelligence