Medium severity5.5NVD Advisory· Published May 27, 2026· Updated Jun 16, 2026
CVE-2026-46038
CVE-2026-46038
Description
In the Linux kernel, the following vulnerability has been resolved:
net: qrtr: ns: Free the node during ctrl_cmd_bye()
A node sends the BYE packet when it is about to go down. So the nameserver should advertise the removal of the node to all remote and local observers and free the node finally. But currently, the nameserver doesn't free the node memory even after processing the BYE packet. This causes the node memory to leak.
Hence, remove the node from Xarray list and free the node memory during both success and failure case of ctrl_cmd_bye().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- osv-coords2 versions
>= 5.7.0, < 5.10.259+ 1 more
- (no CPE)range: >= 5.7.0, < 5.10.259
- (no CPE)range: < 7.0.11-1.1
Patches
Vulnerability mechanics
References
5- git.kernel.org/stable/c/076e4b162d6caba12c229e7f262df5b6881162b0nvdPatch
- git.kernel.org/stable/c/154fc7fe3f62c46891c3c4302f4b5b5391c932e6nvdPatch
- git.kernel.org/stable/c/65932f5102bb5377db36c8a4f0c28179a1967a9anvdPatch
- git.kernel.org/stable/c/68efba36446a7774ea5b971257ade049272a07acnvdPatch
- git.kernel.org/stable/c/ff78ed177a66763085e3214d6fbe13ca8f0b3f11nvdPatch
News mentions
0No linked articles in our index yet.