CVE Catalog

CVE-2026-46153

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

3th percentile - higher than 3% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel related to the management of egress QoS priority mappings in the 8021q protocol. The issue is that cleared priority mappings are kept as 'tombstones', leading to memory leaks during set/clear cycles.

Risk Assessment

Organizations may experience performance issues and memory leaks, which can lead to system instability for those using the Linux kernel.

Recommendation

It is recommended to update the Linux kernel to the latest version where this vulnerability has been fixed to avoid memory issues and improve system stability.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: 8021q: delete cleared egress QoS mappings vlan_dev_set_egress_priority() currently keeps cleared egress priority mappings in the hash as tombstones. Repeated set/clear cycles with distinct skb priorities therefore accumulate mapping nodes until device teardown and leak memory. Delete mappings when vlan_prio is cleared instead of keeping tombstones. Now that the egress mapping lists are RCU protected, the node can be unlinked safely and freed after a grace period.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS