CVE-2026-46038

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Free the node during ctrl_cmd_bye() A node sends the BYE packet when it is about to go down. So the nameserver should advertise the removal of the node to all remote and local observers and free the node finally. But currently, the nameserver doesn't free the node memory even after processing the BYE packet. This causes the node memory to leak. Hence, remove the node from Xarray list and free the node memory during both success and failure case of ctrl_cmd_bye().

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/076e4b162d6caba12c229e7f262df5b6881162b0	Patch
https://git.kernel.org/stable/c/154fc7fe3f62c46891c3c4302f4b5b5391c932e6	Patch
https://git.kernel.org/stable/c/25d580a46b079a7963ff024a5195e547baf12b64
https://git.kernel.org/stable/c/65932f5102bb5377db36c8a4f0c28179a1967a9a	Patch
https://git.kernel.org/stable/c/68efba36446a7774ea5b971257ade049272a07ac	Patch
https://git.kernel.org/stable/c/6c9cca46acb6f22e63f015ea7b2ed6032d2badf5
https://git.kernel.org/stable/c/a5a454f3364877b22f0e5a165df8b3702ff96ae7
https://git.kernel.org/stable/c/ff78ed177a66763085e3214d6fbe13ca8f0b3f11	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

19 Jun 2026, 13:16

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/25d580a46b079a7963ff024a5195e547baf12b64 - () https://git.kernel.org/stable/c/6c9cca46acb6f22e63f015ea7b2ed6032d2badf5 - () https://git.kernel.org/stable/c/a5a454f3364877b22f0e5a165df8b3702ff96ae7 -

16 Jun 2026, 15:16

Type	Values Removed	Values Added
First Time		Linux linux Kernel Linux
CWE		CWE-401
CPE		cpe:2.3:o:linux:linux_kernel::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
References	~~() https://git.kernel.org/stable/c/076e4b162d6caba12c229e7f262df5b6881162b0 -~~	() https://git.kernel.org/stable/c/076e4b162d6caba12c229e7f262df5b6881162b0 - Patch
References	~~() https://git.kernel.org/stable/c/154fc7fe3f62c46891c3c4302f4b5b5391c932e6 -~~	() https://git.kernel.org/stable/c/154fc7fe3f62c46891c3c4302f4b5b5391c932e6 - Patch
References	~~() https://git.kernel.org/stable/c/65932f5102bb5377db36c8a4f0c28179a1967a9a -~~	() https://git.kernel.org/stable/c/65932f5102bb5377db36c8a4f0c28179a1967a9a - Patch
References	~~() https://git.kernel.org/stable/c/68efba36446a7774ea5b971257ade049272a07ac -~~	() https://git.kernel.org/stable/c/68efba36446a7774ea5b971257ade049272a07ac - Patch
References	~~() https://git.kernel.org/stable/c/ff78ed177a66763085e3214d6fbe13ca8f0b3f11 -~~	() https://git.kernel.org/stable/c/ff78ed177a66763085e3214d6fbe13ca8f0b3f11 - Patch

27 May 2026, 14:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-05-27 14:17

Updated : 2026-06-19 13:16

NVD link : CVE-2026-46038

Mitre link : CVE-2026-46038

CVE.ORG link : CVE-2026-46038

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10