Allocation of Resources Without Limits or Throttling in Linux kernel - CVE-2026-46003
Published: May 28, 2026
Vulnerability identifier: #VU132480
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-46003
CWE-ID: CWE-770
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper resource allocation in the qrtr nameserver when handling node registration requests. A remote attacker can register random nodes to exhaust memory and cause a denial of service.
How to mitigate CVE-2026-46003
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/27d5e84e810b0849d08b9aec68e48570461ce313
- https://git.kernel.org/stable/c/4665a29c08e1b36bc9db4814f9dde3d23e8fd1b0
- https://git.kernel.org/stable/c/4c46413661431aa60fb134cd4ecdf8beaa39f824
- https://git.kernel.org/stable/c/5cf6d5e5e3b804a44692fbf548a5179442e2e923
- https://git.kernel.org/stable/c/8022876894d09ae485b499058c3357da683bcc5d