{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-46038", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.093Z", "datePublished": "2026-05-27T12:56:50.125Z", "dateUpdated": "2026-05-27T12:56:50.125Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-27T12:56:50.125Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qrtr: ns: Free the node during ctrl_cmd_bye()\n\nA node sends the BYE packet when it is about to go down. So the nameserver\nshould advertise the removal of the node to all remote and local observers\nand free the node finally. But currently, the nameserver doesn't free the\nnode memory even after processing the BYE packet. This causes the node\nmemory to leak.\n\nHence, remove the node from Xarray list and free the node memory during\nboth success and failure case of ctrl_cmd_bye()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/qrtr/ns.c"], "versions": [{"version": "0c2204a4ad710d95d348ea006f14ba926e842ffd", "lessThan": "ff78ed177a66763085e3214d6fbe13ca8f0b3f11", "status": "affected", "versionType": "git"}, {"version": "0c2204a4ad710d95d348ea006f14ba926e842ffd", "lessThan": "65932f5102bb5377db36c8a4f0c28179a1967a9a", "status": "affected", "versionType": "git"}, {"version": "0c2204a4ad710d95d348ea006f14ba926e842ffd", "lessThan": "154fc7fe3f62c46891c3c4302f4b5b5391c932e6", "status": "affected", "versionType": "git"}, {"version": "0c2204a4ad710d95d348ea006f14ba926e842ffd", "lessThan": "076e4b162d6caba12c229e7f262df5b6881162b0", "status": "affected", "versionType": "git"}, {"version": "0c2204a4ad710d95d348ea006f14ba926e842ffd", "lessThan": "68efba36446a7774ea5b971257ade049272a07ac", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/qrtr/ns.c"], "versions": [{"version": "5.7", "status": "affected"}, {"version": "0", "lessThan": "5.7", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.140", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.86", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.27", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.4", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "6.6.140"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "6.12.86"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "6.18.27"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "7.0.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "7.1-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/ff78ed177a66763085e3214d6fbe13ca8f0b3f11"}, {"url": "https://git.kernel.org/stable/c/65932f5102bb5377db36c8a4f0c28179a1967a9a"}, {"url": "https://git.kernel.org/stable/c/154fc7fe3f62c46891c3c4302f4b5b5391c932e6"}, {"url": "https://git.kernel.org/stable/c/076e4b162d6caba12c229e7f262df5b6881162b0"}, {"url": "https://git.kernel.org/stable/c/68efba36446a7774ea5b971257ade049272a07ac"}], "title": "net: qrtr: ns: Free the node during ctrl_cmd_bye()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qrtr: ns: Free the node during ctrl_cmd_bye()\n\nA node sends the BYE packet when it is about to go down. So the nameserver\nshould advertise the removal of the node to all remote and local observers\nand free the node finally. But currently, the nameserver doesn't free the\nnode memory even after processing the BYE packet. This causes the node\nmemory to leak.\n\nHence, remove the node from Xarray list and free the node memory during\nboth success and failure case of ctrl_cmd_bye()."}], "id": "CVE-2026-46038", "lastModified": "2026-05-27T14:48:03.013", "metrics": {}, "published": "2026-05-27T14:17:23.140", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/076e4b162d6caba12c229e7f262df5b6881162b0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/154fc7fe3f62c46891c3c4302f4b5b5391c932e6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/65932f5102bb5377db36c8a4f0c28179a1967a9a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/68efba36446a7774ea5b971257ade049272a07ac"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ff78ed177a66763085e3214d6fbe13ca8f0b3f11"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: net: qrtr: ns: Free the node during ctrl_cmd_bye()", "id": "2482060", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482060"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-772", "details": ["A flaw was found in the Linux kernel's `qrtr` nameserver component. When a node sends a BYE packet, the nameserver fails to free the associated node memory, leading to a memory leak. This vulnerability can result in resource exhaustion over time, potentially impacting system stability and availability."], "name": "CVE-2026-46038", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-05-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-46038\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-46038\nhttps://lore.kernel.org/linux-cve-announce/2026052750-CVE-2026-46038-ec0d@gregkh/T"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[0c2204a4ad710d95d348ea006f14ba926e842ffd,ff78ed177a66763085e3214d6fbe13ca8f0b3f11)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[0c2204a4ad710d95d348ea006f14ba926e842ffd,65932f5102bb5377db36c8a4f0c28179a1967a9a)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[0c2204a4ad710d95d348ea006f14ba926e842ffd,154fc7fe3f62c46891c3c4302f4b5b5391c932e6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[0c2204a4ad710d95d348ea006f14ba926e842ffd,076e4b162d6caba12c229e7f262df5b6881162b0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[0c2204a4ad710d95d348ea006f14ba926e842ffd,68efba36446a7774ea5b971257ade049272a07ac)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5.7"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,5.7)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.140,7.0.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.86,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.27,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0.4,7.1.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.1-rc1,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "created": "2026-05-27T23:00:06.859990+00:00", "title": "QRTR Nameserver Node Memory Leak", "updated": "2026-05-27T23:30:45.639362+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-401"]}