CVE-2026-46003 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the total number of nodes Currently, the nameserver doesn't limit the number of nodes it handles. This can be an attack vector if a malicious client starts registering random nodes, leading to memory exhaustion. Hence, limit the maximum number of nodes to 64. Note that, limit of 64 is chosen based on the current platform requirements. If requirement changes in the future, this limit can be increased.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/27d5e84e810b0849d08b9aec68e48570461ce313
https://git.kernel.org/stable/c/4665a29c08e1b36bc9db4814f9dde3d23e8fd1b0
https://git.kernel.org/stable/c/4c46413661431aa60fb134cd4ecdf8beaa39f824
https://git.kernel.org/stable/c/5cf6d5e5e3b804a44692fbf548a5179442e2e923
https://git.kernel.org/stable/c/8022876894d09ae485b499058c3357da683bcc5d
https://lore.kernel.org/linux-cve-announce/2026052742-CVE-2026-46003-2034@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-46003
https://www.cve.org/CVERecord?id=CVE-2026-46003

History

Thu, 28 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-770
References		https://lore.kernel.org/linux-cve-announce/2026052742-CVE-2026-46003-2034@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-46003 https://www.cve.org/CVERecord?id=CVE-2026-46003
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Wed, 27 May 2026 21:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-399 CWE-789

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the total number of nodes Currently, the nameserver doesn't limit the number of nodes it handles. This can be an attack vector if a malicious client starts registering random nodes, leading to memory exhaustion. Hence, limit the maximum number of nodes to 64. Note that, limit of 64 is chosen based on the current platform requirements. If requirement changes in the future, this limit can be increased.
Title		net: qrtr: ns: Limit the total number of nodes
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/27d5e84e810b0849d08b9aec68e48570461ce313 https://git.kernel.org/stable/c/4665a29c08e1b36bc9db4814f9dde3d23e8fd1b0 https://git.kernel.org/stable/c/4c46413661431aa60fb134cd4ecdf8beaa39f824 https://git.kernel.org/stable/c/5cf6d5e5e3b804a44692fbf548a5179442e2e923 https://git.kernel.org/stable/c/8022876894d09ae485b499058c3357da683bcc5d

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:55:59.509Z

Updated: 2026-05-27T12:55:59.509Z

Reserved: 2026-05-13T15:03:33.091Z

Link: CVE-2026-46003

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:18.010

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-46003

Redhat

Severity : Low

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-46003 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object