CVE-2026-46038

5.5 MEDIUM
Published: May 27, 2026 Modified: June 16, 2026
View on NVD

Description

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Free the node during ctrl_cmd_bye() A node sends the BYE packet when it is about to go down. So the nameserver should advertise the removal of the node to all remote and local observers and free the node finally. But currently, the nameserver doesn't free the node memory even after processing the BYE packet. This causes the node memory to leak. Hence, remove the node from Xarray list and free the node memory during both success and failure case of ctrl_cmd_bye().

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://git.kernel.org/stable/c/076e4b162d6caba12c229e7f262df5b6881162b0
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/154fc7fe3f62c46891c3c4302f4b5b5391c932e6
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/65932f5102bb5377db36c8a4f0c28179a1967a9a
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/68efba36446a7774ea5b971257ade049272a07ac
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/ff78ed177a66763085e3214d6fbe13ca8f0b3f11
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch

5 reference(s) from NVD

Quick Stats

CVSS v3 Score
5.5 / 10.0
EPSS (Exploit Probability)
0.1%
2th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-401

Affected Vendors

linux

Related CVEs

CVE-2026-48777 N/A
CVE-2026-47750 7.8
CVE-2026-47747 7.8
CVE-2026-46448 5.4
CVE-2026-22313 9.1