Impact
The Linux kernel QRTR nameserver did not enforce a maximum for the number of node registrations. An attacker controllable over QRTR messages can create many random nodes, causing the kernel to allocate memory for each node. This process can exhaust system memory and lead to a denial‑of‑service condition for services that rely on the nameserver. The weakness is a resource exploitation flaw (CWE‑770).
Affected Systems
All Linux kernel builds that do not contain the commit which limits QRTR node registrations to 64 are affected. The limitation was introduced in a recent kernel patch that is applied in current releases. Tenants using older kernels without this change remain vulnerable.
Risk and Exploitability
The CVSS score of 5.5 reflects medium overall severity. The EPSS score of less than 1% indicates a very low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Attackers can trigger the exhaustion by sending numerous QRTR registration messages, without requiring elevated privileges or authentication. The risk persists until the kernel includes the node‑limit change or an equivalent mitigation is applied.
OpenCVE Enrichment
Debian DLA
Ubuntu USN