CVE-2026-46003 - Vulnerability Details

- net: qrtr: ns: Limit the total number of nodes

Description

In the Linux kernel, the following vulnerability has been resolved:

net: qrtr: ns: Limit the total number of nodes

Currently, the nameserver doesn't limit the number of nodes it handles.
This can be an attack vector if a malicious client starts registering
random nodes, leading to memory exhaustion.

Hence, limit the maximum number of nodes to 64. Note that, limit of 64 is
chosen based on the current platform requirements. If requirement changes
in the future, this limit can be increased.

Published: 2026-05-27

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

In the Linux kernel, the QRTR nameserver does not enforce a limit on node registrations. A malicious client that can send QRTR registration messages may create a large number of random nodes, causing the kernel to allocate memory for each new node until system memory is exhausted. This results in a denial‑of‑service condition for processes relying on the nameserver.

Affected Systems

The vulnerability affects the Linux kernel in all versions prior to the inclusion of the node‑limit change. The commit that limits the total number of nodes to 64 is the remedy, so any kernel build that does not contain this change is impacted.

Risk and Exploitability

No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog. Because the QRTR interface accepts registration messages from any client, an attacker can trigger memory exhaustion by sending a large number of node creation requests. The CVSS score of 5.5 indicates a medium severity, reflecting the potential for crashes or instability; the risk persists until the kernel is updated or an equivalent fix is applied. The attack vector involves any host capable of communicating with the QRTR interface, with no authentication required.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`0c2204a4ad710d95d348ea006f14ba926e842ffd`	affected	< 4c46413661431aa60fb134cd4ecdf8beaa39f824
`0c2204a4ad710d95d348ea006f14ba926e842ffd`	affected	< 4665a29c08e1b36bc9db4814f9dde3d23e8fd1b0
`0c2204a4ad710d95d348ea006f14ba926e842ffd`	affected	< 5cf6d5e5e3b804a44692fbf548a5179442e2e923
`0c2204a4ad710d95d348ea006f14ba926e842ffd`	affected	< 8022876894d09ae485b499058c3357da683bcc5d
`0c2204a4ad710d95d348ea006f14ba926e842ffd`	affected	< 27d5e84e810b0849d08b9aec68e48570461ce313

Linux

affected

Version	Status	Constraints
`5.7`	affected	—
`0`	unaffected	< 5.7
`6.6.140`	unaffected	≤ 6.6.*
`6.12.86`	unaffected	≤ 6.12.*
`6.18.27`	unaffected	≤ 6.18.*
`7.0.4`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[0c2204a4ad710d95d348ea006f14ba926e842ffd,4c46413661431aa60fb134cd4ecdf8beaa39f824)`	affected	code_commit	—
`[0c2204a4ad710d95d348ea006f14ba926e842ffd,4665a29c08e1b36bc9db4814f9dde3d23e8fd1b0)`	affected	code_commit	—
`[0c2204a4ad710d95d348ea006f14ba926e842ffd,5cf6d5e5e3b804a44692fbf548a5179442e2e923)`	affected	code_commit	—
`[0c2204a4ad710d95d348ea006f14ba926e842ffd,8022876894d09ae485b499058c3357da683bcc5d)`	affected	code_commit	—
`[0c2204a4ad710d95d348ea006f14ba926e842ffd,27d5e84e810b0849d08b9aec68e48570461ce313)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`5.7`	affected	generic	—
`[0,5.7)`	unaffected	semver	—
`[6.6.140,6.7.0)`	unaffected	semver	—
`[6.12.86,6.13.0)`	unaffected	semver	—
`[6.18.27,6.19.0)`	unaffected	semver	—
`[7.0.4,7.1.0)`	unaffected	semver	—
`[7.1-rc1,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a version that includes the commit limiting QRTR nodes to 64.
If an immediate kernel upgrade is not possible, apply the upstream patch manually from the provided kernel commit links.
Restrict access to the QRTR interface using firewall or SELinux rules to limit connections to trusted hosts.
Monitor system memory usage and QRTR node counts to detect abnormal activity.

Generated by OpenCVE AI on May 28, 2026 at 01:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00168.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/27d5e84e810b0849d08b9aec68e48570461ce313
https://git.kernel.org/stable/c/4665a29c08e1b36bc9db4814f9dde3d23e8fd1b0
https://git.kernel.org/stable/c/4c46413661431aa60fb134cd4ecdf8beaa39f824
https://git.kernel.org/stable/c/5cf6d5e5e3b804a44692fbf548a5179442e2e923
https://git.kernel.org/stable/c/8022876894d09ae485b499058c3357da683bcc5d
https://lore.kernel.org/linux-cve-announce/2026052742-CVE-2026-46003-2034@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-46003
https://www.cve.org/CVERecord?id=CVE-2026-46003

History

Tue, 16 Jun 2026 15:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo

Thu, 28 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-770
References		https://lore.kernel.org/linux-cve-announce/2026052742-CVE-2026-46003-2034@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-46003 https://www.cve.org/CVERecord?id=CVE-2026-46003
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Wed, 27 May 2026 21:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-399 CWE-789

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the total number of nodes Currently, the nameserver doesn't limit the number of nodes it handles. This can be an attack vector if a malicious client starts registering random nodes, leading to memory exhaustion. Hence, limit the maximum number of nodes to 64. Note that, limit of 64 is chosen based on the current platform requirements. If requirement changes in the future, this limit can be increased.
Title		net: qrtr: ns: Limit the total number of nodes
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/27d5e84e810b0849d08b9aec68e48570461ce313 https://git.kernel.org/stable/c/4665a29c08e1b36bc9db4814f9dde3d23e8fd1b0 https://git.kernel.org/stable/c/4c46413661431aa60fb134cd4ecdf8beaa39f824 https://git.kernel.org/stable/c/5cf6d5e5e3b804a44692fbf548a5179442e2e923 https://git.kernel.org/stable/c/8022876894d09ae485b499058c3357da683bcc5d

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:55:59.509Z

Updated: 2026-06-14T17:47:23.215Z

Reserved: 2026-05-13T15:03:33.091Z

Link: CVE-2026-46003

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-27T14:17:18.010

Modified: 2026-06-16T15:26:14.900

Link: CVE-2026-46003

Redhat

Severity : Low

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-46003 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-28T02:00:04Z

Weaknesses

CWE-399
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-789
Memory Allocation with Excessive Size Value
NVD-CWE-noinfo

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object