In the Linux kernel, the following vulnerability has been resolved:
net: qrtr: ns: Limit the maximum server registration per node
Current code does no bound checking on the number of servers added per
node. A malicious client can flood NEW_SERVER messages and exhaust memory.
Fix this issue by limiting the maximum number of server registrations to
256 per node. If the NEW_SERVER message is received for an old port, then
don't restrict it as it will get replaced. While at it, also rate limit
the error messages in the failure path of qrtr_ns_worker().
Note that the limit of 256 is chosen based on the current platform
requirements. If requirement changes in the future, this limit can be
increased.
References
Configurations
Configuration 1 (hide)
|
History
26 Jun 2026, 19:14
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
| First Time |
Linux linux Kernel
Linux |
|
| CWE | NVD-CWE-noinfo | |
| References | () https://git.kernel.org/stable/c/35fb4a0c077c5d1049c2628b769e0a1b1e65df0d - Patch | |
| References | () https://git.kernel.org/stable/c/3efaad55cad1ded429e3a873bfece389058a526b - Patch | |
| References | () https://git.kernel.org/stable/c/868202aa2adae427060a42d5bd663b4d782ec02c - Patch | |
| References | () https://git.kernel.org/stable/c/d5ee2ff98322337951c56398e79d51815acbf955 - Patch | |
| References | () https://git.kernel.org/stable/c/e6f6cd501fb54060940a6eb3f4103eeb5e426ae7 - Patch |
19 May 2026, 12:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-05-19 12:16
Updated : 2026-06-26 19:14
NVD link : CVE-2026-43491
Mitre link : CVE-2026-43491
CVE.ORG link : CVE-2026-43491
JSON object : View
Products Affected
linux
- linux_kernel
CWE
