In the Linux kernel, the following vulnerability has been resolved:
tpm2-sessions: Fix missing tpmbufdestroy() in tpm2readpublic()
tpm2readpublic() calls tpmbufinit() but fails to call tpmbufdestroy() on two exit paths, leaking a page allocation:
When name_size() returns an error (unrecognized hash algorithm), the function returns directly without destroying the buffer.
On the success path, the buffer is never destroyed before returning.
All other error paths in the function correctly call tpmbufdestroy() before returning.
Fix both by adding the missing tpmbufdestroy() calls.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46096.json",
"cna_assigner": "Linux"
}