PT-2026-43831 · Linux · Linux

Published: 2026-05-27 · Updated: 2026-05-27 · CVE-2026-45964

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path
Commit 5940d1cf9f42 ("SUNRPC: Rebalance a kref in auth_gss.c") added a kref_get(&gss_auth->kref) call to balance the gss_put_auth() done in gss_release_msg(), but forgot to add a corresponding kref_put() on the error path when kstrdup_const() fails.
If service_name is non-NULL and kstrdup_const() fails, the function jumps to err_put_pipe_version which calls put_pipe_version() and kfree(gss_msg), but never releases the gss_auth reference. This leads to a kref leak where the gss_auth structure is never freed.
Add a forward declaration for gss_free_callback() and call kref_put() in the err_put_pipe_version error path to properly release the reference taken earlier.
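
The reference imbalance described above can be reproduced in a small user-space model. This is an added example, not the kernel's code or the upstream patch: a plain integer stands in for the kref, and every name in it (auth_model, msg_model, alloc_msg, fail_strdup, refs_after_failed_alloc) is hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* User-space model; every name here is hypothetical, not kernel code. */
struct auth_model { int refs; };
struct msg_model { struct auth_model *auth; char *service_name; };

static int fail_strdup; /* fault injection: make the name copy fail */

/* fixed == 0 models the leaking error path, fixed == 1 the corrected one. */
static struct msg_model *alloc_msg(struct auth_model *a, const char *name, int fixed)
{
    struct msg_model *m = calloc(1, sizeof(*m));
    if (!m)
        return NULL;
    m->auth = a;
    a->refs++;              /* reference the message would drop on release */
    if (name) {
        m->service_name = fail_strdup ? NULL : strdup(name);
        if (!m->service_name) {
            if (fixed)
                a->refs--;  /* error path: give the reference back */
            free(m);        /* the message is freed in both variants */
            return NULL;
        }
    }
    return m;
}

/* Refcount left after one failed allocation plus the owner's final put:
 * 0 means the auth object could be freed, 1 means it is leaked. */
static int refs_after_failed_alloc(int fixed)
{
    struct auth_model a = { .refs = 1 };   /* owner's reference */
    fail_strdup = 1;
    struct msg_model *m = alloc_msg(&a, "constructed-service", fixed);
    fail_strdup = 0;
    a.refs--;                              /* owner drops its reference */
    return m ? -1 : a.refs;                /* -1: allocation did not fail */
}

int main(void)
{
    printf("unfixed=%d fixed=%d\n",
           refs_after_failed_alloc(0), refs_after_failed_alloc(1));
    return 0;
}
```

Because the message is freed on the failing path in both variants, the only lasting effect of the unfixed path is the counter that never reaches zero, which is why the leak produces no immediate fault.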

Related Identifiers

CVE-2026-45964

Affected Products

Linux