CVE-2026-46003

medium

Description

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the total number of nodes Currently, the nameserver doesn't limit the number of nodes it handles. This can be an attack vector if a malicious client starts registering random nodes, leading to memory exhaustion. Hence, limit the maximum number of nodes to 64. Note that, limit of 64 is chosen based on the current platform requirements. If requirement changes in the future, this limit can be increased.

References

https://git.kernel.org/stable/c/8022876894d09ae485b499058c3357da683bcc5d

https://git.kernel.org/stable/c/5cf6d5e5e3b804a44692fbf548a5179442e2e923

https://git.kernel.org/stable/c/4c46413661431aa60fb134cd4ecdf8beaa39f824

https://git.kernel.org/stable/c/4665a29c08e1b36bc9db4814f9dde3d23e8fd1b0

https://git.kernel.org/stable/c/27d5e84e810b0849d08b9aec68e48570461ce313

Details

Source: Mitre, NVD

Published: 2026-05-27

Updated: 2026-05-27

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00018