CVE-2026-46038
Description
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Free the node during ctrl_cmd_bye() A node sends the BYE packet when it is about to go down. So the nameserver should advertise the removal of the node to all remote and local observers and free the node finally. But currently, the nameserver doesn't free the node memory even after processing the BYE packet. This causes the node memory to leak. Hence, remove the node from Xarray list and free the node memory during both success and failure case of ctrl_cmd_bye().
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | affected | |
| debian | bullseye | affected | |
| debian | forky | fixed | 7.0.4-1 |
| debian | sid | fixed | 7.0.4-1 |
| debian | trixie | fixed | 6.12.86-1 |
| sles | affected | |
References
- https://git.kernel.org/stable/c/ff78ed177a66763085e3214d6fbe13ca8f0b3f11
- https://git.kernel.org/stable/c/65932f5102bb5377db36c8a4f0c28179a1967a9a
- https://git.kernel.org/stable/c/154fc7fe3f62c46891c3c4302f4b5b5391c932e6
- https://git.kernel.org/stable/c/076e4b162d6caba12c229e7f262df5b6881162b0
- https://git.kernel.org/stable/c/68efba36446a7774ea5b971257ade049272a07ac
- https://security-tracker.debian.org/tracker/CVE-2026-46038
- https://www.suse.com/security/cve/CVE-2026-46038.html
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.