PatchSiren cyber security CVE debrief

CVE-2026-46012 Linux CVE debrief

A memory leak vulnerability in the Linux kernel's RxRPC (Remote Procedure Call over Rx) subsystem has been resolved. The flaw existed in the `rxkad_verify_response()` function within the rxkad security module, which failed to properly free allocated memory for Kerberos tickets and server keys under certain error conditions. The fix ensures consistent cleanup by initializing the ticket pointer to NULL and routing all exit paths through a common epilogue that safely releases resources. This vulnerability could lead to memory exhaustion in systems utilizing RxRPC with Kerberos authentication, potentially affecting availability of network file system services such as AFS (Andrew File System).

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

System administrators operating Linux servers with RxRPC-enabled services (particularly AFS cell servers), kernel maintainers, and security teams monitoring memory exhaustion risks in network authentication subsystems.

Technical summary

The vulnerability resides in `net/rxrpc/rxkad.c` in the Linux kernel's RxRPC implementation. The `rxkad_verify_response()` function, which handles Kerberos authentication ticket verification, contained multiple error paths that failed to release allocated memory for tickets and server keys. The fix adopts a centralized cleanup pattern: the ticket pointer is initialized to NULL, and all function exit paths converge on a single epilogue that conditionally frees resources (skipping NULL pointers). This defensive refactoring eliminates the leak vectors while improving code maintainability. The presence of five distinct stable branch commits suggests the fix has been or will be backported to multiple long-term support kernel versions.
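The centralized-cleanup pattern described above, as an added C example that is not the kernel's code: a hypothetical verifier written first with the leaky early-return shape and then with the fixed shape (pointers initialized to NULL, every exit routed through one `out:` epilogue with NULL-safe frees). The struct names, `verify_leaky`/`verify_fixed`, and the `xalloc`/`xfree` leak counter are constructed stand-ins for illustration only.

```c
#include <errno.h>
#include <stdlib.h>
/* Leak counter: incremented by xalloc(), decremented by xfree(). */
static int live_allocs;
static void *xalloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }   /* NULL-safe, like kfree() */
int outstanding_allocs(void) { return live_allocs; }

struct ticket { char data[64]; };       /* hypothetical stand-ins for the real structures */
struct server_key { char data[32]; };

/* Leaky shape: every early return must remember each allocation made above it. */
int verify_leaky(int key_ok, int ticket_ok)
{
    struct ticket *ticket = xalloc(sizeof *ticket);
    struct server_key *key;
    if (!ticket)
        return -ENOMEM;
    if (!(key = xalloc(sizeof *key)))
        return -ENOMEM;                 /* leaks ticket */
    if (!key_ok)
        return -EPROTO;                 /* leaks ticket and key */
    if (!ticket_ok) {
        xfree(key);
        return -EPROTO;                 /* frees key, forgets ticket */
    }
    xfree(key);
    xfree(ticket);
    return 0;
}

/* Fixed shape: pointers start NULL and all exits converge on one epilogue. */
int verify_fixed(int key_ok, int ticket_ok)
{
    struct ticket *ticket = NULL;
    struct server_key *key = NULL;
    int ret = -ENOMEM;
    if (!(ticket = xalloc(sizeof *ticket)))
        goto out;
    if (!(key = xalloc(sizeof *key)))
        goto out;
    ret = key_ok ? 0 : -EPROTO;
    if (ret)
        goto out;
    ret = ticket_ok ? 0 : -EPROTO;
out:
    xfree(key);                             /* NULL-safe, so partially built state is fine */
    xfree(ticket);
    return ret;
}
```

Driving both versions through the same failing input shows the leaky version leaving two objects outstanding while the fixed version leaves none.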

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates containing the referenced stable branch commits when available from your Linux distribution
  • Monitor memory utilization on systems running RxRPC services with Kerberos authentication
  • Review kernel changelogs for backport status to currently deployed kernel versions
  • If patching is delayed, monitor for abnormal kernel memory growth on hosts running rxrpc as an interim measure; this detects the leak but does not prevent it

Evidence notes

The vulnerability description indicates memory leaks in `rxkad_verify_response()` where ticket and server key allocations were not freed under all circumstances. The resolution implements a defensive coding pattern: NULL initialization of the ticket pointer and a unified cleanup epilogue with NULL-safe releases. Multiple stable kernel branch commits are referenced, indicating backports across supported kernel versions.

Official resources

2026-05-27