CVE-2026-46038
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel related to memory management concerning the BYE packet sent by a node. The nameserver does not free the node memory after processing the packet, leading to a memory leak.
Risk Assessment
Memory leaks can lead to performance degradation and potential crashes, threatening the stability of services running on the server.
Recommendation
It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and prevent memory leaks.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Free the node during ctrl_cmd_bye() A node sends the BYE packet when it is about to go down. So the nameserver should advertise the removal of the node to all remote and local observers and free the node finally. But currently, the nameserver doesn't free the node memory even after processing the BYE packet. This causes the node memory to leak. Hence, remove the node from Xarray list and free the node memory during both success and failure case of ctrl_cmd_bye().

