CVE-2026-43041

MEDIUM EPSS 1.8%
Published May 1, 20261mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 1, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: replace qrtr_tx_flow radix_tree with xarray to fix memory leak __radix_tree_create() allocates and links intermediate nodes into the tree one by one. If a subsequent allocation fails, the already-linked nodes remain in the tree with no corresponding leaf entry. These orphaned internal nodes are never reclaimed because radix_tree_for_each_slot() only visits slots containing leaf values. The radix_tree API is deprecated in favor of xarray. As suggested by Matthew Wilcox, migrate qrtr_tx_flow from radix_tree to xarray instead of fixing the radix_tree itself [1]. xarray properly handles cleanup of internal nodes — xa_destroy() frees all internal xarray nodes when the qrtr_node is released, preventing the leak. [1] https://lore.kernel.org/all/20260225071623.41275-1-jiayuan.chen@linux.dev/T/

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
1.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 13

VendorProductVersionRange
linuxlinux_kernel*≥5.6  –  <5.10.253
linuxlinux_kernel*≥5.11  –  <5.15.203
linuxlinux_kernel*≥5.16  –  <6.1.168
linuxlinux_kernel*≥6.2  –  <6.6.134
linuxlinux_kernel*≥6.7  –  <6.12.81
linuxlinux_kernel*≥6.13  –  <6.18.22
linuxlinux_kernel*≥6.19  –  <6.19.12
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/0fda873092b541bb5a9b87d728a2429f863f8cfa
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2428083101f6883f979cceffa76cd8440751ffe6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4b75ff0aedd6ade1018ad4a3a9d8336794e36e42
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5d2249eefaca59908fe3c264b8eca526424dcfbe
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/69402908e277dd164bf8d7c8fd0513c0fac28e9e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f2664bc4f0f356f17c2094587a2b3665e3867e44
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f2dd9aaf6e2861337f5835f877a5b2becaf4b015
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ff134cc43972d7ddceff8cfd36cf6b9eaafc00b3
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0fda873092b541bb5a9b87d728a2429f863f8cfa
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2428083101f6883f979cceffa76cd8440751ffe6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4b75ff0aedd6ade1018ad4a3a9d8336794e36e42
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5d2249eefaca59908fe3c264b8eca526424dcfbe
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/69402908e277dd164bf8d7c8fd0513c0fac28e9e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f2664bc4f0f356f17c2094587a2b3665e3867e44
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f2dd9aaf6e2861337f5835f877a5b2becaf4b015
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ff134cc43972d7ddceff8cfd36cf6b9eaafc00b3
    Patch