2482060 – (CVE-2026-46038) CVE-2026-46038 kernel: net: qrtr: ns: Free the node during ctrl_cmd_bye()

Bug 2482060 (CVE-2026-46038) - CVE-2026-46038 kernel: net: qrtr: ns: Free the node during ctrl_cmd_bye()

Summary: CVE-2026-46038 kernel: net: qrtr: ns: Free the node during ctrl_cmd_bye()

Keywords:
Status:	NEW
Alias:	CVE-2026-46038
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-05-27 15:09 UTC by OSIDB Bzimport
Modified:	2026-05-27 19:49 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-05-27 15:09:24 UTC

In the Linux kernel, the following vulnerability has been resolved:

net: qrtr: ns: Free the node during ctrl_cmd_bye()

A node sends the BYE packet when it is about to go down. So the nameserver
should advertise the removal of the node to all remote and local observers
and free the node finally. But currently, the nameserver doesn't free the
node memory even after processing the BYE packet. This causes the node
memory to leak.

Hence, remove the node from Xarray list and free the node memory during
both success and failure case of ctrl_cmd_bye().

Comment 1 Keith Grant 2026-05-27 19:48:03 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026052750-CVE-2026-46038-ec0d@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.