CVE-2026-43491— net: qrtr: ns: Limit the maximum server registration per node
Possible ATT&CK Techniques 1AI
T1498 · Network Denial of ServiceAffected Version Matrix 12
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 0c2204a4ad710d95d348ea006f14ba926e842ffd< e6f6cd501fb54060940a6eb3f4103eeb5e426ae7 | affected |
0c2204a4ad710d95d348ea006f14ba926e842ffd< 3efaad55cad1ded429e3a873bfece389058a526b | affected | ||
0c2204a4ad710d95d348ea006f14ba926e842ffd< 35fb4a0c077c5d1049c2628b769e0a1b1e65df0d | affected | ||
0c2204a4ad710d95d348ea006f14ba926e842ffd< 868202aa2adae427060a42d5bd663b4d782ec02c | affected | ||
0c2204a4ad710d95d348ea006f14ba926e842ffd< d5ee2ff98322337951c56398e79d51815acbf955 | affected | ||
5.7 | affected | ||
< 5.7 | unaffected | ||
6.6.140≤ 6.6.* | unaffected | ||
| … +4 more rows | |||
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-43491
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
net: qrtr: ns: Limit the maximum server registration per node
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added per node. A malicious client can flood NEW_SERVER messages and exhaust memory. Fix this issue by limiting the maximum number of server registrations to 256 per node. If the NEW_SERVER message is received for an old port, then don't restrict it as it will get replaced. While at it, also rate limit the error messages in the failure path of qrtr_ns_worker(). Note that the limit of 256 is chosen based on the current platform requirements. If requirement changes in the future, this limit can be increased.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于未对每个节点添加的服务器数量进行边界检查,恶意客户端可发送NEW_SERVER消息导致内存耗尽。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-43491
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-43491
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-43491 (5)
Same Patch Batch · Linux · 2026-05-19 · 3 CVEs total
| CVE-2026-43493 | 9.8 CRITICAL | crypto: pcrypt - Fix handling of MAY_BACKLOG requests |
| CVE-2026-43492 | lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() |
IV. Related Vulnerabilities
V. Comments for CVE-2026-43491
No comments yet