CVE-2026-46038

Name: CVE-2026-46038 — Vulnerability Record
Brand: Quanteta Data Lab
SKU: CVE-2026-46038

MEDIUM

CVSS v3.1: 5.5 · EPSS: 0.0017 (6.4 percentile)

No user interactionMemory Leak

Source data as of: 2026-06-17 05:00:11 UTC

At a glance

Severity: MEDIUM
CVSS: 5.5 v3.1 · NVD
EPSS: 0.0017 (6.4 percentile) · FIRST.org
CISA KEV: No
Type: Memory Leak · NVD CWE
Attack conditions (CVSS vector): No user interaction · Source: NVD Vector
Affected vendors: linux
Published: 2026-05-27 · Modified: 2026-06-16
References: Jump to references (5)

CVSS / EPSS / KEV

CVSS v3.1 5.5 / 10 MEDIUM Source: NVD

EPSS 0.0017 6.4 percentile Source: FIRST.org

CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Free the node during ctrl_cmd_bye() A node sends the BYE packet when it is about to go down. So the nameserver should advertise the removal of the node to all remote and local observers and free the node finally. But currently, the nameserver doesn't free the node memory even after processing the BYE packet. This causes the node memory to leak. Hence, remove the node from Xarray list and free the node memory during both success and failure case of ctrl_cmd_bye().

Record details

CVE ID: CVE-2026-46038
CVSS (v3.1): 5.5 (MEDIUM)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability subscore: 1.8
Impact subscore: 3.6
EPSS: 0.0017 (6.4 percentile) — 2026-06-17
CISA KEV: No
Weakness (CWE): CWE-401
Affected vendors: linux
Affected configurations (CPE): 4
Published: 2026-05-27
Modified: 2026-06-16
Status: Analyzed

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.

← Back to all records

CVE-2026-46038

At a glance

CVSS / EPSS / KEV

Description

Record details

References

Related records

Same affected vendor

Same weakness type (CWE)

Published the same year