Description
In the Linux kernel, the following vulnerability has been resolved:

net: qrtr: ns: Limit the maximum number of lookups

Current code does no bound checking on the number of lookups a client can
perform. Though the code restricts the lookups to local clients, there is
still a possibility of a malicious local client sending a flood of
NEW_LOOKUP messages over the same socket.

Fix this issue by limiting the maximum number of lookups to 64 globally.
Since the nameserver allows only atmost one local observer, this global
lookup count will ensure that the lookups stay within the limit.

Note that, limit of 64 is chosen based on the current platform
requirements. If requirement changes in the future, this limit can be
increased.
Published: 2026-05-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The qRTR nameserver in the Linux kernel performs lookups for clients but does not validate the number of requests a local client may issue. A malicious local process can send many NEW_LOOKUP messages over the same socket, exhausting kernel memory or otherwise destabilizing the system. This uncontrolled request rate can lead to resource exhaustion, causing a denial of service.

Affected Systems

Linux kernel versions that include the qRTR feature and have not applied the commit that caps lookup requests at 64 are vulnerable. All kernel releases that ship the current qRTR code path are affected until the patch is applied.

Risk and Exploitability

This flaw can be triggered by any process running on the same host, so local privilege is required. The severity is reflected by a CVSS score of 5.5, indicating medium impact. The lack of a bound introduces a significant disruption potential for local users, though no remote exploitation path is known. The vulnerability is not listed in the CISA KEV catalog, and no EPSS score is available.

Generated by OpenCVE AI on May 28, 2026 at 05:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the kernel to a version that includes the qRTR lookup limit fix or merge the upstream commit that enforces a 64-lookup cap.
  • If a kernel upgrade cannot be performed immediately, modify the qRTR source to enforce the maximum lookup count, rebuild, and reboot with the updated kernel.
  • Restrict local processes that may send NEW_LOOKUP requests by applying SELinux, AppArmor, or similar local security policies to limit access to the qRTR interface.

Generated by OpenCVE AI on May 28, 2026 at 05:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 16:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo

Thu, 28 May 2026 03:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-674

Thu, 28 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-770
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Wed, 27 May 2026 22:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-674

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum number of lookups Current code does no bound checking on the number of lookups a client can perform. Though the code restricts the lookups to local clients, there is still a possibility of a malicious local client sending a flood of NEW_LOOKUP messages over the same socket. Fix this issue by limiting the maximum number of lookups to 64 globally. Since the nameserver allows only atmost one local observer, this global lookup count will ensure that the lookups stay within the limit. Note that, limit of 64 is chosen based on the current platform requirements. If requirement changes in the future, this limit can be increased.
Title net: qrtr: ns: Limit the maximum number of lookups
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T17:48:53.618Z

Reserved: 2026-05-13T15:03:33.093Z

Link: CVE-2026-46026

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-27T14:17:21.160

Modified: 2026-06-16T15:54:38.600

Link: CVE-2026-46026

cve-icon Redhat

Severity : Low

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-46026 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T05:45:05Z

Weaknesses