CVE-2026-46026— net: qrtr: ns: Limit the maximum number of lookups
Possible ATT&CK Techniques 1AI
T1498 · Network Denial of ServiceAffected Version Matrix 18
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 0c2204a4ad710d95d348ea006f14ba926e842ffd< bd69e0e8a7643ba5385f19f479e8e3da71f8d495 | affected |
0c2204a4ad710d95d348ea006f14ba926e842ffd< 91cb30b6bb1880ba0748ca059bef50b8ac13793d | affected | ||
0c2204a4ad710d95d348ea006f14ba926e842ffd< 6e3675251fcea06caecc61eb76462467558adfa6 | affected | ||
0c2204a4ad710d95d348ea006f14ba926e842ffd< 0dbec101a7076e9b1e4bd1876f7cf07c56ff4ce3 | affected | ||
0c2204a4ad710d95d348ea006f14ba926e842ffd< 76adf8f69b0bb3ab20be7c58f5d555027332d113 | affected | ||
0c2204a4ad710d95d348ea006f14ba926e842ffd< 20855cef7e659ef84ac73251256fa530819b2346 | affected | ||
0c2204a4ad710d95d348ea006f14ba926e842ffd< 2b930bc77e00cb27e1d6e1d497b3b596283465ef | affected | ||
0c2204a4ad710d95d348ea006f14ba926e842ffd< 5640227d9a21c6a8be249a10677b832e7f40dc55 | affected | ||
| … +10 more rows | |||
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-46026
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
net: qrtr: ns: Limit the maximum number of lookups
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum number of lookups Current code does no bound checking on the number of lookups a client can perform. Though the code restricts the lookups to local clients, there is still a possibility of a malicious local client sending a flood of NEW_LOOKUP messages over the same socket. Fix this issue by limiting the maximum number of lookups to 64 globally. Since the nameserver allows only atmost one local observer, this global lookup count will ensure that the lookups stay within the limit. Note that, limit of 64 is chosen based on the current platform requirements. If requirement changes in the future, this limit can be increased.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于qrtr命名服务器未限制客户端查找次数,可能导致恶意本地客户端发送大量NEW_LOOKUP消息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-46026
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-46026
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-46026 (8)
Same Patch Batch · Linux · 2026-05-27 · 275 CVEs total
| CVE-2026-45972 | 9.8 CRITICAL | smb: client: fix potential UAF and double free in smb2_open_file() |
| CVE-2026-46039 | 9.8 CRITICAL | rxgk: Fix potential integer overflow in length check |
| CVE-2026-45988 | 9.8 CRITICAL | rxrpc: Fix re-decryption of RESPONSE packets |
| CVE-2026-45898 | 9.8 CRITICAL | RDMA/iwcm: Fix workqueue list corruption by removing work_list |
| CVE-2026-46043 | 9.1 CRITICAL | RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv |
| CVE-2026-46056 | 8.8 HIGH | Bluetooth: hci_event: fix potential UAF in SSP passkey handlers |
| CVE-2026-45945 | 8.8 HIGH | iommu/vt-d: Fix race condition during PASID entry replacement |
| CVE-2026-46037 | 8.2 HIGH | ipv4: icmp: validate reply type before using icmp_pointers |
| CVE-2026-45843 | 8.2 HIGH | slip: bound decode() reads against the compressed packet length |
| CVE-2026-46099 | 8.1 HIGH | net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels |
| CVE-2026-46010 | 8.1 HIGH | rxrpc: Fix error handling in rxgk_extract_token() |
| CVE-2026-46076 | 7.9 HIGH | KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1 |
| CVE-2026-45878 | 7.8 HIGH | drm/amdkfd: Fix watch_id bounds checking in debug address watch v2 |
| CVE-2026-45909 | 7.8 HIGH | clk: mediatek: Drop __initconst from gates |
| CVE-2026-46036 | 7.8 HIGH | vfio/cdx: Serialize VFIO_DEVICE_SET_IRQS with a per-device mutex |
| CVE-2026-45933 | 7.8 HIGH | bpf: Preserve id of register in sync_linked_regs() |
| CVE-2026-46065 | 7.8 HIGH | fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info |
| CVE-2026-46058 | 7.8 HIGH | media: amphion: Fix race between m2m job_abort and device_run |
| CVE-2026-45894 | 7.8 HIGH | iommu/vt-d: Clear Present bit before tearing down PASID entry |
| CVE-2026-46053 | 7.8 HIGH | net: rds: fix MR cleanup on copy error |
Showing top 20 of 275 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-52910
bpf: Free reuseport cBPF prog after RCU grace period. - CVE-2026-52909
ip6_vti: set netns_immutable on the fallback device. - CVE-2026-52908
RDMA: During rereg_mr ensure that REREG_ACCESS is compatible - CVE-2026-46331
net/sched: fix pedit partial COW leading to page cache corru - CVE-2026-52907
media: rockchip: rkcif: fix off by one bugs
Same vendor: Linux
- CVE-2026-52910
bpf: Free reuseport cBPF prog after RCU grace period. - CVE-2026-52909
ip6_vti: set netns_immutable on the fallback device. - CVE-2026-52908
RDMA: During rereg_mr ensure that REREG_ACCESS is compatible - CVE-2026-46331
net/sched: fix pedit partial COW leading to page cache corru - CVE-2026-52907
media: rockchip: rkcif: fix off by one bugs
V. Comments for CVE-2026-46026
No comments yet