CVE-2026-46096

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A memory leak occurs in the tpm2 read public() function within the tpm2-sessions module. The function calls tpm buf init() to allocate a page but fails to call tpm buf destroy() to release it in two scenarios: when name size() returns an error due to an unrecognized hash algorithm, and upon the successful execution path. This results in a page allocation leak.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.