154 matches found
net: qrtr: fix refcount saturation and potential UAF in qrtr_port_remove
...
CVE-2026-52947
A flaw was found in the Linux kernel's qrtr network subsystem. A race condition exists in the qrtrportremove function where the socket reference count is decremented prematurely. This allows a concurrent reader to access a socket whose reference count has dropped to zero, potentially leading to a...
Linux Distros Unpatched Vulnerability : CVE-2026-52947
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: qrtr: fix refcount saturation and potential UAF in qrtrportremove In qrtrportremove, the socket reference count is decremented via sockput before the port ...
The vulnerability of the __radix_tree_create() function in the net/qrtr/af_qrtr.c module of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the radixtreecreate function in the net/qrtr/afqrtr.c module of the Linux operating system is related to the failure to release resources after the expiration of their useful life. Exploiting this vulnerability could allow an attacker to cause a service failure...
EUVD-2026-38815
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix refcount saturation and potential UAF in qrtrportremove In qrtrportremove, the socket reference count is decremented via sockput before the port is removed from the qrtrports XArray and before the RCU grace period...
CVE-2026-52947
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix refcount saturation and potential UAF in qrtrportremove In qrtrportremove, the socket reference count is decremented via sockput before the port is removed from the qrtrports XArray and before the RCU grace period...
CVE-2026-52947 net: qrtr: fix refcount saturation and potential UAF in qrtr_port_remove
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix refcount saturation and potential UAF in qrtrportremove In qrtrportremove, the socket reference count is decremented via sockput before the port is removed from the qrtrports XArray and before the RCU grace period...
CVE-2026-52947
The CVE-2026-52947 issue affects the Linux kernel qrtr subsystem, specifically in qrtr_port_remove(), where the socket reference count is decremented via __sock_put() before the port is removed from the qrtr_ports XArray and before the RCU grace period elapses. This creates a race window where a ...
CVE-2026-52947 net: qrtr: fix refcount saturation and potential UAF in qrtr_port_remove
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix refcount saturation and potential UAF in qrtrportremove In qrtrportremove, the socket reference count is decremented via sockput before the port is removed from the qrtrports XArray and before the RCU grace period...
PT-2026-51841
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the qrtr port remove function where the socket reference count is decremented using sock put before the port is removed from the qrtr ports XArray and before the RCU...
net: qrtr: ns: Free the node during ctrl_cmd_bye()
...
SUSE CVE-2026-46003
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the total number of nodes Currently, the nameserver doesn't limit the number of nodes it handles. This can be an attack vector if a malicious client starts registering random nodes, leading to memory...
SUSE CVE-2026-46026
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum number of lookups Current code does no bound checking on the number of lookups a client can perform. Though the code restricts the lookups to local clients, there is still a possibility of a...
SUSE CVE-2026-46038
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Free the node during ctrlcmdbye A node sends the BYE packet when it is about to go down. So the nameserver should advertise the removal of the node to all remote and local observers and free the node finally. But...
SUSE CVE-2026-46047
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Fix use-after-free in driver remove In the remove callback, if a packet arrives after destroyworkqueue is called, but before sockrelease, the qrtrnsdataready callback will try to queue the work, causing...
CVE-2026-46003
A flaw was found in the Linux kernel's qrtr nameserver. A malicious client can exploit this vulnerability by registering an excessive number of random nodes. This uncontrolled resource consumption leads to memory exhaustion, resulting in a Denial of Service DoS for the system...
CVE-2026-46026
A flaw was found in the Linux kernel's QRTR Qualcomm IPC Router nameserver. A malicious local client can exploit this by sending an unbounded number of NEWLOOKUP messages. This can lead to resource exhaustion, causing a Denial of Service DoS for the system. The vulnerability is addressed by...
CVE-2026-46038
A flaw was found in the Linux kernel's qrtr nameserver component. When a node sends a BYE packet, the nameserver fails to free the associated node memory, leading to a memory leak. This vulnerability can result in resource exhaustion over time, potentially impacting system stability and...
CVE-2026-46047
A flaw was found in the Linux kernel's qrtr networking driver. During the driver's removal process, a timing issue can occur if a packet arrives after the work queue is destroyed but before the socket is released. This can cause the system to attempt to access memory that has already been freed,...
CVE-2026-46047
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Fix use-after-free in driver remove In the remove callback, if a packet arrives after destroyworkqueue is called, but before sockrelease, the qrtrnsdataready callback will try to queue the work, causing...