CVE-2026-46096

medium Red Hat
Published: May 27, 2026 (44 days ago)
Last Modified: May 27, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in the Linux kernel's `tpm2-sessions` component. The `tpm2_read_public()` function fails to properly destroy a buffer on certain exit paths, leading to a page allocation leak. This resource exhaustion could allow a local attacker to cause a Denial of Service (DoS).

CWE

CWE-772

Affected Products

Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9

References