CVE-2026-43491

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added per node. A malicious client can flood NEW_SERVER messages and exhaust memory. Fix this issue by limiting the maximum number of server registrations to 256 per node. If the NEW_SERVER message is received for an old port, then don't restrict it as it will get replaced. While at it, also rate limit the error messages in the failure path of qrtr_ns_worker(). Note that the limit of 256 is chosen based on the current platform requirements. If requirement changes in the future, this limit can be increased.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

26 Jun 2026, 19:14

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
First Time Linux linux Kernel
Linux
CWE NVD-CWE-noinfo
References () https://git.kernel.org/stable/c/35fb4a0c077c5d1049c2628b769e0a1b1e65df0d - () https://git.kernel.org/stable/c/35fb4a0c077c5d1049c2628b769e0a1b1e65df0d - Patch
References () https://git.kernel.org/stable/c/3efaad55cad1ded429e3a873bfece389058a526b - () https://git.kernel.org/stable/c/3efaad55cad1ded429e3a873bfece389058a526b - Patch
References () https://git.kernel.org/stable/c/868202aa2adae427060a42d5bd663b4d782ec02c - () https://git.kernel.org/stable/c/868202aa2adae427060a42d5bd663b4d782ec02c - Patch
References () https://git.kernel.org/stable/c/d5ee2ff98322337951c56398e79d51815acbf955 - () https://git.kernel.org/stable/c/d5ee2ff98322337951c56398e79d51815acbf955 - Patch
References () https://git.kernel.org/stable/c/e6f6cd501fb54060940a6eb3f4103eeb5e426ae7 - () https://git.kernel.org/stable/c/e6f6cd501fb54060940a6eb3f4103eeb5e426ae7 - Patch

19 May 2026, 12:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-05-19 12:16

Updated : 2026-06-26 19:14


NVD link : CVE-2026-43491

Mitre link : CVE-2026-43491

CVE.ORG link : CVE-2026-43491


JSON object : View

Products Affected

linux

  • linux_kernel