Description
In the Linux kernel, the following vulnerability has been resolved:

8021q: delete cleared egress QoS mappings

vlan_dev_set_egress_priority() currently keeps cleared egress
priority mappings in the hash as tombstones. Repeated set/clear cycles
with distinct skb priorities therefore accumulate mapping nodes until
device teardown and leak memory.

Delete mappings when vlan_prio is cleared instead of keeping tombstones.
Now that the egress mapping lists are RCU protected, the node can be
unlinked safely and freed after a grace period.
Published: 2026-05-28
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel’s VLAN QoS module, repeated cycles that set and clear egress priority mappings leave cleared entries in a hash table as tombstones, which accumulate until the device is torn down. This defect causes a memory leak that can grow until system memory is exhausted, potentially bringing the system to a halt. The flaw is a local resource exhaustion vulnerability that can be triggered by any process that modifies egress QoS settings on a Linux device.
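
The accumulation described above, and the effect of deleting a mapping when it is cleared, can be reproduced in a small user-space model. This is an added example, not kernel code or the upstream patch; the struct and function names, the 16-bucket table, and plain free() standing in for an RCU-deferred free are assumptions.

```c
/* User-space model of an egress priority hash. NOT kernel code:
 * names, bucket count and layout are assumptions for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define BUCKETS 16
struct mapping { uint32_t skb_prio; uint16_t vlan_prio; struct mapping *next; };
struct egress_map { struct mapping *bucket[BUCKETS]; size_t nodes; int delete_on_clear; };

/* vlan_prio == 0 clears a mapping. delete_on_clear=0 keeps the node as a
 * tombstone (pre-fix); =1 unlinks and frees it (fixed behaviour). */
static int set_egress(struct egress_map *m, uint32_t skb_prio, uint16_t vlan_prio)
{
    struct mapping **pp = &m->bucket[skb_prio % BUCKETS], *mp;

    while ((mp = *pp) != NULL && mp->skb_prio != skb_prio)
        pp = &mp->next;                     /* find the node or the bucket tail */
    if (mp && vlan_prio == 0 && m->delete_on_clear) {
        *pp = mp->next;                     /* fixed: unlink, then free */
        free(mp);                           /* kernel waits for a grace period */
        m->nodes--;
    } else if (mp) {
        mp->vlan_prio = vlan_prio;          /* update, or leave a tombstone */
    } else if (vlan_prio != 0) {            /* model choice: clearing an absent key allocates nothing */
        if ((mp = malloc(sizeof(*mp))) == NULL)
            return -1;
        *mp = (struct mapping){ skb_prio, vlan_prio, NULL };
        *pp = mp;
        m->nodes++;
    }
    return 0;
}

/* Set then clear `cycles` distinct skb priorities; return nodes still linked. */
static size_t nodes_after_churn(uint32_t cycles, int delete_on_clear)
{
    struct egress_map m = { .delete_on_clear = delete_on_clear };
    for (uint32_t p = 0; p < cycles; p++)
        if (set_egress(&m, p, 3) || set_egress(&m, p, 0))
            break;
    size_t left = m.nodes;
    for (int b = 0; b < BUCKETS; b++)       /* model of device teardown */
        for (struct mapping *n = m.bucket[b], *nx; n; n = nx) { nx = n->next; free(n); }
    return left;
}

int main(void)
{
    printf("tombstones: %zu, delete-on-clear: %zu\n", nodes_after_churn(1000, 0), nodes_after_churn(1000, 1));
    return 0;
}
```

In the tombstone mode the node count tracks the number of distinct priorities ever configured, not the number currently mapped, which is the growth the fix removes.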

Affected Systems

All Linux kernel implementations before the patch that addresses the vlan_dev_set_egress_priority function are affected, regardless of kernel major version. No specific vendor product version is listed, so any kernel that contains the 8021q module without the fix is at risk.

Risk and Exploitability

The CVSS score is not provided, but the missing EPSS value and absence from CISA KEV indicate no known public exploits and a low to moderate probability of exploitation. The likely attack vector is a local or privileged user who can execute VLAN configuration commands or send traffic that triggers repeated set/clear cycles, leading to uncontrolled memory growth. The impact is confined to the host machine, producing a denial‑of‑service condition through memory exhaustion.

Generated by OpenCVE AI on May 28, 2026 at 11:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch from commit 7dddc74 (or an equivalent recent kernel release that includes the fix for vlan_dev_set_egress_priority).
  • If immediate patching is not possible, disable or reduce repeated QoS priority changes on the affected devices to limit the growth of the hash table.
  • Continuously monitor system memory usage and log patterns of egress priority configuration to detect abnormal growth before it leads to a full shutdown.

Advisories

No advisories yet.

History

Thu, 28 May 2026 12:00:00 +0000

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-399

Thu, 28 May 2026 10:15:00 +0000

Type: Description
Values Added: In the Linux kernel, the following vulnerability has been resolved: 8021q: delete cleared egress QoS mappings vlan_dev_set_egress_priority() currently keeps cleared egress priority mappings in the hash as tombstones. Repeated set/clear cycles with distinct skb priorities therefore accumulate mapping nodes until device teardown and leak memory. Delete mappings when vlan_prio is cleared instead of keeping tombstones. Now that the egress mapping lists are RCU protected, the node can be unlinked safely and freed after a grace period.

Type: Title
Values Added: 8021q: delete cleared egress QoS mappings

Type: First Time appeared
Values Added: Linux; Linux linux Kernel

Type: CPEs
Values Added: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added: Linux; Linux linux Kernel

Type: References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-28T09:36:09.415Z

Reserved: 2026-05-13T15:03:33.101Z

Link: CVE-2026-46153

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-28T10:16:30.947

Modified: 2026-05-28T10:16:30.947

Link: CVE-2026-46153

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-28T11:45:16Z

Weaknesses