5.5

CVE-2026-46038

net: qrtr: ns: Free the node during ctrl_cmd_bye()

In the Linux kernel, the following vulnerability has been resolved:

net: qrtr: ns: Free the node during ctrl_cmd_bye()

A node sends the BYE packet when it is about to go down. So the nameserver
should advertise the removal of the node to all remote and local observers
and free the node finally. But currently, the nameserver doesn't free the
node memory even after processing the BYE packet. This causes the node
memory to leak.

Hence, remove the node from Xarray list and free the node memory during
both success and failure case of ctrl_cmd_bye().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.7 < 6.6.140
LinuxLinux Kernel Version >= 6.7 < 6.12.86
LinuxLinux Kernel Version >= 6.13 < 6.18.27
LinuxLinux Kernel Version >= 6.19 < 7.0.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.024
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/ff78ed177a66763085e3214d6fbe13ca8f0b3f11
Patch
https://git.kernel.org/stable/c/65932f5102bb5377db36c8a4f0c28179a1967a9a
Patch
https://git.kernel.org/stable/c/154fc7fe3f62c46891c3c4302f4b5b5391c932e6
Patch
https://git.kernel.org/stable/c/076e4b162d6caba12c229e7f262df5b6881162b0
Patch
https://git.kernel.org/stable/c/68efba36446a7774ea5b971257ade049272a07ac
Patch