SB2026052867 - Allocation of Resources Without Limits or Throttling in Linux kernel qrtr
Published: May 28, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2026-46003)
CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper resource allocation in the qrtr nameserver when handling node registration requests. A remote attacker can register random nodes to exhaust memory and cause a denial of service.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/27d5e84e810b0849d08b9aec68e48570461ce313
- https://git.kernel.org/stable/c/4665a29c08e1b36bc9db4814f9dde3d23e8fd1b0
- https://git.kernel.org/stable/c/4c46413661431aa60fb134cd4ecdf8beaa39f824
- https://git.kernel.org/stable/c/5cf6d5e5e3b804a44692fbf548a5179442e2e923
- https://git.kernel.org/stable/c/8022876894d09ae485b499058c3357da683bcc5d