Lucene search
K

2433 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/28 9:36 a.m.15 views

CVE-2026-46176

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error path fall-through in mlx5ibdevressrqinit mlx5ibdevressrqinit allocates two SRQs, s0 and s1. When ibcreatesrq fails for s1, the error branch destroys s0 but falls through and unconditionally assigns the freed ...

5.7AI score0.00142EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/05/28 9:36 a.m.10 views

EUVD-2026-32803

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error path fall-through in mlx5ibdevressrqinit mlx5ibdevressrqinit allocates two SRQs, s0 and s1. When ibcreatesrq fails for s1, the error branch destroys s0 but falls through and unconditionally assigns the freed ...

5.8AI score0.00142EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/28 9:36 a.m.32 views

CVE-2026-46145 RDMA/mana: Validate rx_hash_key_len

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rxhashkeylen Sashiko points out that rxhashkeylen comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to trash kernel memory. Bounds check it so the memcpy cannot overflow...

7.8CVSS0.00142EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/28 9:36 a.m.13 views

EUVD-2026-32772

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rxhashkeylen Sashiko points out that rxhashkeylen comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to trash kernel memory. Bounds check it so the memcpy cannot overflow...

5.9AI score0.00142EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/28 9:36 a.m.8 views

CVE-2026-46144

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Fix error unwind in manaibcreateqprss Sashiko points out that manaibcfgvportsteering is leaked, the normal destroy path cleans it up...

5.5CVSS5.7AI score0.00127EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/05/28 9:35 a.m.9 views

CVE-2026-46133

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Reject unknown opcodes before ICRC processing Even after applying commit 7244491dab34 "RDMA/rxe: Validate pad and ICRC before payloadsize in rxercv", a single unauthenticated UDP packet can still trigger panic. That pat...

7.5CVSS5.7AI score0.00574EPSS
Exploits0
EUVD
EUVD
added 2026/05/28 9:35 a.m.14 views

EUVD-2026-32886

In the Linux kernel, the following vulnerability has been resolved: RDMA/ocrdma: Don't NULL deref uctx on errors in ocrdmacopypduresp Sashiko points out that pd-uctx isn't initialized until late in the function so all these error flow references are NULL and will crash. Use the uctx that isn't NU...

5.8AI score0.00128EPSS
Exploits0References5
CVE
CVE
added 2026/05/28 9:35 a.m.22 views

CVE-2026-46127

CVE-2026-46127 affects the Linux kernel RDMA/ocrdma; the bug is a NULL dereference in ocrdma_copy_pd_uresp() when uctx is uninitialized, potentially causing a crash. Connected sources indicate patches exist in multiple OSV entries (Root:rootio-linux for Ubuntu 24.04 and Debian 11/12, OpenSUSE/ope...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:35 a.m.7 views

CVE-2026-46127

In the Linux kernel, the following vulnerability has been resolved: RDMA/ocrdma: Don't NULL deref uctx on errors in ocrdmacopypduresp Sashiko points out that pd-uctx isn't initialized until late in the function so all these error flow references are NULL and will crash. Use the uctx that isn't NU...

5.7AI score0.00128EPSS
Exploits0References9Affected Software1
Debian CVE
Debian CVE
added 2026/05/28 9:35 a.m.9 views

CVE-2026-46127

In the Linux kernel, the following vulnerability has been resolved: RDMA/ocrdma: Don't NULL deref uctx on errors in ocrdmacopypduresp Sashiko points out that pd-uctx isn't initialized until late in the function so all these error flow references are NULL and will crash. Use the uctx that isn't NU...

5.5CVSS5.7AI score0.00128EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/05/28 9:35 a.m.8 views

CVE-2026-46126

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Fix manadestroywqobj cleanup in manaibcreateqprss Sashiko points out there are two bugs here in the error unwind flow, both related to how the WQ table is unwound. First there is a double i-- on the first failure path...

5.5CVSS5.7AI score0.00127EPSS
Exploits0
CVE
CVE
added 2026/05/28 9:35 a.m.38 views

CVE-2026-46117

CVE-2026-46117 affects the Linux kernel RDMA/mana component. The issue arises when a user can configure Work Queues to share the same Completion Queue via the uAPI, which triggers a user-writable WARN_ON() and can lead to kernel corruption. The vulnerability has been resolved by removing the trig...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References9Affected Software1
Debian CVE
Debian CVE
added 2026/05/28 9:35 a.m.9 views

CVE-2026-46117

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Remove user triggerable WARNON in manaibcreateqprss Sashiko points out that the user can specify WQs sharing the same CQ as a part of the uAPI and this will trigger the WARNON then go on to corrupt the kernel. Just...

7.8CVSS5.7AI score0.00129EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/05/28 9:35 a.m.8 views

CVE-2026-46112

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix unlocked call to hnsroceqpremove Sashiko points out that hnsroceqpremove requires the caller to hold locks. The error flow in hnsrocecreateqpcommon doesn't hold those locks for the error unwind so it risks corruptin...

7.8CVSS5.7AI score0.001EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/05/28 8:3 a.m.7 views

RDMA/mana_ib: Disable RX steering on RSS QP destroy

...

7.8CVSS5.4AI score0.00129EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/28 4:47 a.m.12 views

CVE-2026-45852

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA subsystem, specifically within the rxe driver. An error in the rxesrqfrominit function's memory management can lead to a double free vulnerability. This occurs when an attempt to copy data to user space fails, causing the sam...

7.8CVSS5.8AI score0.00175EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/28 4:37 a.m.13 views

CVE-2026-45856

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA subsystem, specifically within the ibuverbspostsend function. A local user can exploit this vulnerability by providing an invalid work queue element size wqesize from userspace without proper validation. This can lead to an...

7.1CVSS5.8AI score0.00164EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/28 3:57 a.m.10 views

SUSE CVE-2026-45856

In the Linux kernel, the following vulnerability has been resolved: RDMA/uverbs: Validate wqesize before using it in ibuverbspostsend ibuverbspostsend uses cmd.wqesize from userspace without any validation before passing it to kmalloc and using the allocated buffer as struct ibuverbssendwr. If a...

6.1CVSS5.8AI score0.00164EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2026/05/28 3:56 a.m.9 views

SUSE CVE-2026-45910

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix race condition in QP timer handlers I encontered the following warning: WARNING: drivers/infiniband/sw/rxe/rxetask.c:249 at rxeschedtask+0x1c8/0x238 rdmarxe, CPU0: swapper/0/0 ... libsha1 last unloaded: ip6udptunnel...

7CVSS5.8AI score0.00102EPSS
Exploits0References15
SUSE CVE
SUSE CVE
added 2026/05/28 3:55 a.m.9 views

SUSE CVE-2026-45973

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix UMR hang in LAG error state unload During firmware reset in LAG mode, a race condition causes the driver to hang indefinitely while waiting for UMR completion during device unload. See 1. In LAG mode the bond devic...

5.5CVSS5.8AI score0.00155EPSS
Exploits0References3
Rows per page
Query Builder