Skip to main content

Linux Kernel EUVDEUVD-2026-32780

| CVE-2026-46153 MEDIUM
2026-05-28 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-h2vh-mr24-cxmc
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 09, 2026 - 23:25 vuln.today
CVSS changed
Jun 09, 2026 - 21:07 NVD
5.5 (MEDIUM)
Patch available
May 28, 2026 - 12:01 EUVD
CVE Published
May 28, 2026 - 10:16 nvd
MEDIUM 5.5
CVE Published
May 28, 2026 - 10:16 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

8021q: delete cleared egress QoS mappings

vlan_dev_set_egress_priority() currently keeps cleared egress priority mappings in the hash as tombstones. Repeated set/clear cycles with distinct skb priorities therefore accumulate mapping nodes until device teardown and leak memory.

Delete mappings when vlan_prio is cleared instead of keeping tombstones. Now that the egress mapping lists are RCU protected, the node can be unlinked safely and freed after a grace period.

AnalysisAI

Memory exhaustion in the Linux kernel's 8021q VLAN subsystem allows a local user with low privileges to cause denial-of-service by repeatedly manipulating VLAN egress QoS priority mappings. The function vlan_dev_set_egress_priority() retains cleared priority entries as unreachable tombstones in the kernel hash table across set/clear cycles, accumulating until device teardown and leaking kernel memory. No public exploit exists and EPSS is 0.02% at the 5th percentile, indicating negligible real-world exploitation interest; however, the High availability impact in CVSS reflects potential OOM-triggered system instability on affected hosts.

Technical ContextAI

The Linux kernel's 8021q module implements IEEE 802.1Q VLAN tagging, including an egress QoS priority mapping feature via vlan_dev_set_egress_priority() that maps socket buffer (skb) priority values to outbound VLAN Priority Code Points (PCPs). The hash table managing these mappings fails to delete nodes when vlan_prio is cleared - instead retaining them as tombstones - resulting in unbounded memory accumulation across repeated set/clear cycles. The fix leverages RCU (Read-Copy-Update) protection already applied to egress mapping lists to safely unlink and free nodes after a synchronization grace period. No CWE is formally assigned, but the root cause class is consistent with CWE-401 (Missing Release of Memory after Effective Lifetime). Affected CPE: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*, spanning from 2.6.12 through pre-patch mainline.

RemediationAI

Upgrade to Linux kernel 7.0.7 (stable) or 7.1-rc1 (mainline), which include the corrective commits available at https://git.kernel.org/stable/c/7dddc74af369478ba7f9bc136d0fc1dc4570cb66 (mainline) and https://git.kernel.org/stable/c/a52e122c9e4d56ad9a03b32c915a199276d989c3 (stable branch). Linux distribution users should apply the relevant vendor kernel update that backports these commits. If immediate patching is not feasible, restrict CAP_NET_ADMIN capability to trusted administrators only, which prevents unprivileged users from issuing VLAN egress QoS priority mapping operations - this is the primary limiting factor for exploitation. Alternatively, avoiding use of the VLAN egress-qos-map feature entirely (by not configuring ip link set <dev> type vlan egress-qos-map) eliminates the vulnerable code path but may degrade QoS for VLAN-tagged traffic. Memory pressure monitoring via /proc/meminfo or kernel OOM event logging can serve as a detection signal on unpatched systems.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected

Share

EUVD-2026-32780 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy