Skip to main content

Linux Kernel CVE-2026-46003

| EUVDEUVD-2026-32299 MEDIUM
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-23cv-jrm2-r83v
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local access with low privileges required to reach QRTR nameserver socket; purely availability DoS via memory exhaustion, with no confidentiality or integrity impact possible.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 16, 2026 - 15:53 vuln.today
CVSS changed
Jun 16, 2026 - 15:37 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

net: qrtr: ns: Limit the total number of nodes

Currently, the nameserver doesn't limit the number of nodes it handles. This can be an attack vector if a malicious client starts registering random nodes, leading to memory exhaustion.

Hence, limit the maximum number of nodes to 64. Note that, limit of 64 is chosen based on the current platform requirements. If requirement changes in the future, this limit can be increased.

AnalysisAI

Memory exhaustion in the Linux kernel QRTR nameserver allows a local low-privileged attacker to crash the system by registering an unbounded number of QRTR nodes, consuming all available kernel heap memory. Affected kernels span from the commit introducing the QRTR nameserver without node limits (approximately Linux 5.7, commit 0c2204a4ad710d95d348ea006f14ba926e842ffd) through to patched stable releases 6.6.140, 6.12.86, 6.18.27, 7.0.4, and 7.1-rc1. With an EPSS of 0.02% (5th percentile), no CISA KEV listing, and no public exploit identified at time of analysis, current exploitation risk is low - however, teams managing Qualcomm SoC-based embedded or mobile Linux deployments should treat this as a targeted patch priority given the trivial attack complexity (AC:L) once local access is obtained.

Technical ContextAI

The Qualcomm IPC Router (QRTR) is an inter-process communication protocol implemented in the Linux kernel under net/qrtr/, designed primarily for Qualcomm SoC-based platforms to facilitate communication between application processors and peripheral subsystems such as modems. The nameserver component (net/qrtr/ns.c) maintains a runtime registry of all participating QRTR nodes. Prior to the fix, this registry imposed no upper bound on the number of node entries it would accept from local clients, a pattern consistent with CWE-770 (Allocation of Resources Without Limits or Throttling), though no CWE is formally assigned to this CVE. The fix enforces a hard cap of 64 nodes - chosen to match current Qualcomm SoC platform requirements - preventing unbounded kernel heap growth. CPE data confirms the affected product as cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*.

RemediationAI

The primary remediation is to upgrade to a patched Linux kernel version: 6.6.140, 6.12.86, 6.18.27, 7.0.4, or 7.1-rc1 via the upstream stable commits linked in the references. For Qualcomm SoC-based embedded or mobile distributions, monitor vendor-specific kernel releases (e.g., Android security bulletins, Yocto/meta-qcom updates) for backported fixes. If immediate patching is not possible, a compensating control is to unload the QRTR kernel module (modprobe -r qrtr) on any system where QRTR communication is not operationally required - note this will sever communication channels to Qualcomm modem and peripheral subsystems, potentially breaking device functionality on Qualcomm SoC hardware. Alternatively, restricting QRTR socket access via mandatory access control (SELinux policy or AppArmor profiles denying qrtr socket creation to unprivileged users) can limit exploitation to privileged accounts, reducing but not eliminating risk. Patch availability is confirmed via vendor (upstream kernel stable tree); exact fix versions are confirmed per EUVD data.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected

Share

CVE-2026-46003 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy