CVE-2026-43041
Memory Leak in Linux Kernel QRTR
Publication date: 2026-05-01
Last updated on: 2026-05-01
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's net subsystem, specifically in the qrtr component. It involves a memory leak caused by the use of the deprecated radix_tree API for managing qrtr_tx_flow data structures.
The issue arises because __radix_tree_create() allocates and links intermediate nodes one by one, but if an allocation fails, the already linked nodes remain in the tree without corresponding leaf entries. These orphaned internal nodes are never reclaimed, leading to a memory leak.
The fix replaces the radix_tree with the newer xarray API, which properly handles cleanup of internal nodes. When the qrtr_node is released, xa_destroy() frees all internal xarray nodes, preventing the memory leak.
How can this vulnerability impact me? :
This vulnerability can lead to a memory leak in the Linux kernel's network subsystem. Over time, the leak could cause increased memory consumption, potentially degrading system performance or causing instability.
In environments with heavy network usage involving qrtr, this could result in resource exhaustion, leading to crashes or denial of service conditions.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed by replacing the qrtr_tx_flow radix_tree with xarray in the Linux kernel to prevent a memory leak.
To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix, where qrtr_tx_flow uses xarray instead of radix_tree.