SUSE CVE-2026-46178

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix resource leak on error in mlx4ibcreatesrq Sashiko points out that mlx4srqalloc was not undone during error unwind, add the missing call to mlx4srqfree...

CVE-2026-46181

A flaw was found in the Linux kernel's RDMA/mlx4 component. This vulnerability arises from the incorrect use of Read-Copy Update RCU in the mlx4srqevent function. An attacker could potentially trigger an event before the srq object is fully initialized, leading to a system crash. This could resul...

CVE-2026-46176

A flaw was found in the Linux kernel's RDMA/mlx5 component. An error path fall-through in the mlx5ibdevressrqinit function, specifically when ibcreatesrq fails, can lead to the use of freed memory and error pointers. This memory corruption vulnerability could result in system instability, denial ...

UBUNTU-CVE-2026-46176

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error path fall-through in mlx5ibdevressrqinit mlx5ibdevressrqinit allocates two SRQs, s0 and s1. When ibcreatesrq fails for s1, the error branch destroys s0 but falls through and unconditionally assigns the freed ...

CVE-2026-46181

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4srqevent Sashiko points out the radixtree itself is RCU safe, but nothing ever frees the mlx4srq struct with RCU, and it isn't even accessed within the RCU critical section. It also will crash...

EUVD-2026-32805

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix resource leak on error in mlx4ibcreatesrq Sashiko points out that mlx4srqalloc was not undone during error unwind, add the missing call to mlx4srqfree...

CVE-2026-46178

The CVE-2026-46178 entry concerns the Linux kernel RDMA/mlx4 component. A resource leak could occur during error handling in mlx4_ib_create_srq(), because mlx4_srq_alloc() was not undone during error unwinding. The fix adds a call to mlx4_srq_free() to properly release the resource when an error ...

CVE-2026-46178

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix resource leak on error in mlx4ibcreatesrq Sashiko points out that mlx4srqalloc was not undone during error unwind, add the missing call to mlx4srqfree...

CVE-2026-46178 RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq()

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix resource leak on error in mlx4ibcreatesrq Sashiko points out that mlx4srqalloc was not undone during error unwind, add the missing call to mlx4srqfree...

CVE-2026-46176 RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init()

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error path fall-through in mlx5ibdevressrqinit mlx5ibdevressrqinit allocates two SRQs, s0 and s1. When ibcreatesrq fails for s1, the error branch destroys s0 but falls through and unconditionally assigns the freed ...

PT-2026-44301

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix resource leak on error in mlx4 ib create srq Sashiko points out that mlx4 srq alloc was not undone during error unwind, add the missing call to mlx4 srq free...

CVE-2026-46084

A flaw was found in the Linux kernel's RDMA Remote Direct Memory Access manaib driver. When a Receive Side Scaling Queue Pair RSS QP is destroyed, the vPort RX receive steering in the firmware is not properly disabled, leaving stale steering configurations. This can lead to receive completions...

UBUNTU-CVE-2026-45852

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix double free in rxesrqfrominit In rxesrqfrominit, the queue pointer 'q' is assigned to 'srq-rq.queue' before copying the SRQ number to user space. If copytouser fails, the function calls rxequeuecleanup to free the...

CVE-2026-45852 RDMA/rxe: Fix double free in rxe_srq_from_init

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix double free in rxesrqfrominit In rxesrqfrominit, the queue pointer 'q' is assigned to 'srq-rq.queue' before copying the SRQ number to user space. If copytouser fails, the function calls rxequeuecleanup to free the...

CVE-2026-45852

Summary of CVE-2026-45852 (Linux kernel RDMA/rxe): A double-free vulnerability exists in the rxe_srq_from_init path of the RDMA subsystem. The queue pointer is temporarily assigned to srq->rq.queue before copy_to_user(), so if copy_to_user() fails, cleanup frees the same memory twice when the ...

PT-2026-43719

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix double free in rxe srq from init In rxe srq from init, the queue pointer 'q' is assigned to 'srq-rq.queue' before copying the SRQ number to user space. If copy to user fails, the function calls rxe queue cleanup to...

CVE-2026-45852

RDMA/rxe: Fix double free in rxesrqfrominit...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fixed invalid buffer access for legacy rq The following crash can occur when using xdpsock in RX mode for legacy rq: the buffer is released in the XDPREDIRECT path, and then again in the driver. This fix sets a fl...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fixed the fragment counting for XDP multi-buffer scenarios in legacy RQ. XDP multi-buffer programs can modify the layout of the XDP buffer when the program calls bpfxdppulldata or bpfxdpadjusttail. The referenced commi...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: bpf: devmap: Provide rxq after a redirect. rxq contains a pointer to the device from which the redirect occurred. Currently, the BPF program executed after a redirect via BPFMAPTYPEDEVMAP does not set this pointer. This is...