{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-43491","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-05-01T14:12:56.013Z","datePublished":"2026-05-19T10:44:23.832Z","dateUpdated":"2026-05-19T10:44:23.832Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-19T10:44:23.832Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qrtr: ns: Limit the maximum server registration per node\n\nCurrent code does no bound checking on the number of servers added per\nnode. A malicious client can flood NEW_SERVER messages and exhaust memory.\n\nFix this issue by limiting the maximum number of server registrations to\n256 per node. If the NEW_SERVER message is received for an old port, then\ndon't restrict it as it will get replaced. While at it, also rate limit\nthe error messages in the failure path of qrtr_ns_worker().\n\nNote that the limit of 256 is chosen based on the current platform\nrequirements. If requirement changes in the future, this limit can be\nincreased."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/qrtr/ns.c"],"versions":[{"version":"0c2204a4ad710d95d348ea006f14ba926e842ffd","lessThan":"e6f6cd501fb54060940a6eb3f4103eeb5e426ae7","status":"affected","versionType":"git"},{"version":"0c2204a4ad710d95d348ea006f14ba926e842ffd","lessThan":"3efaad55cad1ded429e3a873bfece389058a526b","status":"affected","versionType":"git"},{"version":"0c2204a4ad710d95d348ea006f14ba926e842ffd","lessThan":"35fb4a0c077c5d1049c2628b769e0a1b1e65df0d","status":"affected","versionType":"git"},{"version":"0c2204a4ad710d95d348ea006f14ba926e842ffd","lessThan":"868202aa2adae427060a42d5bd663b4d782ec02c","status":"affected","versionType":"git"},{"version":"0c2204a4ad710d95d348ea006f14ba926e842ffd","lessThan":"d5ee2ff98322337951c56398e79d51815acbf955","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/qrtr/ns.c"],"versions":[{"version":"5.7","status":"affected"},{"version":"0","lessThan":"5.7","status":"unaffected","versionType":"semver"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","status":"unaffected","versionType":"semver"},{"version":"7.1-rc1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"6.6.140"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"6.12.86"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"6.18.27"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"7.0.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"7.1-rc1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/e6f6cd501fb54060940a6eb3f4103eeb5e426ae7"},{"url":"https://git.kernel.org/stable/c/3efaad55cad1ded429e3a873bfece389058a526b"},{"url":"https://git.kernel.org/stable/c/35fb4a0c077c5d1049c2628b769e0a1b1e65df0d"},{"url":"https://git.kernel.org/stable/c/868202aa2adae427060a42d5bd663b4d782ec02c"},{"url":"https://git.kernel.org/stable/c/d5ee2ff98322337951c56398e79d51815acbf955"}],"title":"net: qrtr: ns: Limit the maximum server registration per node","x_generator":{"engine":"bippy-1.2.0"}}}}