In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix memory leaks in rxkad_verify_response() Fix rxkad_verify_response() to free the ticket and the server key under all circumstances by initialising the ticket pointer to NULL and then making all paths through the function after the first allocation has been done go through a single common epilogue that just releases everything - where all the releases skip on a NULL pointer.

A flaw was found in the Linux kernel's `rxrpc` subsystem. The `rxkad_verify_response()` function, which handles verification of responses, did not consistently release allocated memory. This oversight could lead to a memory leak, potentially causing system instability and a denial of service (DoS) over time due to resource exhaustion.

A Moderate impact memory leak flaw was found in the Linux kernel's `rxrpc` subsystem, affecting Red Hat Enterprise Linux 9 and Red Hat In-Vehicle OS 2. This vulnerability, caused by inconsistent memory release, could allow a local attacker to exhaust system resources, leading to a denial of service. If the `rxrpc` kernel module is not actively used, it can be blacklisted to prevent its loading. Create a file `/etc/modprobe.d/blacklist-rxrpc.conf` containing `blacklist rxrpc`. A system reboot is required for this change to take effect. Disabling this module may affect services that rely on the `rxrpc` protocol. Red Hat Enterprise Linux 10 Fix deferred kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Not affected kernel Red Hat Enterprise Linux 8 Not affected kernel-rt Red Hat Enterprise Linux 9 Fix deferred kernel Red Hat Enterprise Linux 9 Fix deferred kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-46012 https://nvd.nist.gov/vuln/detail/CVE-2026-46012 https://lore.kernel.org/linux-cve-announce/2026052744-CVE-2026-46012-f467@gregkh/T