{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-43041","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-05-01T14:12:55.978Z","datePublished":"2026-05-01T14:15:38.112Z","dateUpdated":"2026-05-11T22:16:34.530Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:16:34.530Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qrtr: replace qrtr_tx_flow radix_tree with xarray to fix memory leak\n\n__radix_tree_create() allocates and links intermediate nodes into the\ntree one by one. If a subsequent allocation fails, the already-linked\nnodes remain in the tree with no corresponding leaf entry. These orphaned\ninternal nodes are never reclaimed because radix_tree_for_each_slot()\nonly visits slots containing leaf values.\n\nThe radix_tree API is deprecated in favor of xarray. As suggested by\nMatthew Wilcox, migrate qrtr_tx_flow from radix_tree to xarray instead\nof fixing the radix_tree itself [1]. xarray properly handles cleanup of\ninternal nodes — xa_destroy() frees all internal xarray nodes when the\nqrtr_node is released, preventing the leak.\n\n[1] https://lore.kernel.org/all/20260225071623.41275-1-jiayuan.chen@linux.dev/T/"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/qrtr/af_qrtr.c"],"versions":[{"version":"5fdeb0d372ab33b4175043a2a4a1730239a217f1","lessThan":"f2dd9aaf6e2861337f5835f877a5b2becaf4b015","status":"affected","versionType":"git"},{"version":"5fdeb0d372ab33b4175043a2a4a1730239a217f1","lessThan":"4b75ff0aedd6ade1018ad4a3a9d8336794e36e42","status":"affected","versionType":"git"},{"version":"5fdeb0d372ab33b4175043a2a4a1730239a217f1","lessThan":"ff134cc43972d7ddceff8cfd36cf6b9eaafc00b3","status":"affected","versionType":"git"},{"version":"5fdeb0d372ab33b4175043a2a4a1730239a217f1","lessThan":"0fda873092b541bb5a9b87d728a2429f863f8cfa","status":"affected","versionType":"git"},{"version":"5fdeb0d372ab33b4175043a2a4a1730239a217f1","lessThan":"69402908e277dd164bf8d7c8fd0513c0fac28e9e","status":"affected","versionType":"git"},{"version":"5fdeb0d372ab33b4175043a2a4a1730239a217f1","lessThan":"f2664bc4f0f356f17c2094587a2b3665e3867e44","status":"affected","versionType":"git"},{"version":"5fdeb0d372ab33b4175043a2a4a1730239a217f1","lessThan":"5d2249eefaca59908fe3c264b8eca526424dcfbe","status":"affected","versionType":"git"},{"version":"5fdeb0d372ab33b4175043a2a4a1730239a217f1","lessThan":"2428083101f6883f979cceffa76cd8440751ffe6","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/qrtr/af_qrtr.c"],"versions":[{"version":"5.6","status":"affected"},{"version":"0","lessThan":"5.6","status":"unaffected","versionType":"semver"},{"version":"5.10.253","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.203","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.168","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.134","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.81","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.22","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.12","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"5.10.253"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"5.15.203"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.1.168"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.6.134"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.12.81"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.18.22"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.19.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"7.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/f2dd9aaf6e2861337f5835f877a5b2becaf4b015"},{"url":"https://git.kernel.org/stable/c/4b75ff0aedd6ade1018ad4a3a9d8336794e36e42"},{"url":"https://git.kernel.org/stable/c/ff134cc43972d7ddceff8cfd36cf6b9eaafc00b3"},{"url":"https://git.kernel.org/stable/c/0fda873092b541bb5a9b87d728a2429f863f8cfa"},{"url":"https://git.kernel.org/stable/c/69402908e277dd164bf8d7c8fd0513c0fac28e9e"},{"url":"https://git.kernel.org/stable/c/f2664bc4f0f356f17c2094587a2b3665e3867e44"},{"url":"https://git.kernel.org/stable/c/5d2249eefaca59908fe3c264b8eca526424dcfbe"},{"url":"https://git.kernel.org/stable/c/2428083101f6883f979cceffa76cd8440751ffe6"}],"title":"net: qrtr: replace qrtr_tx_flow radix_tree with xarray to fix memory leak","x_generator":{"engine":"bippy-1.2.0"}}}}