52 matches found
SUSE CVE-2026-46176
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error path fall-through in mlx5ibdevressrqinit mlx5ibdevressrqinit allocates two SRQs, s0 and s1. When ibcreatesrq fails for s1, the error branch destroys s0 but falls through and unconditionally assigns the freed ...
SUSE CVE-2026-46181
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4srqevent Sashiko points out the radixtree itself is RCU safe, but nothing ever frees the mlx4srq struct with RCU, and it isn't even accessed within the RCU critical section. It also will crash...
Linux Distros Unpatched Vulnerability : CVE-2026-46181
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/mlx4: Fix mis-use of RCU in mlx4srqevent Sashiko points out the radixtree itself is RCU safe, but nothing ever frees the mlx4srq struct with RCU, and it...
CVE-2026-46178
A flaw was found in the Linux kernel. This vulnerability, located in the RDMA/mlx4 component, is due to a resource leak during error handling in the mlx4ibcreatesrq function. An attacker could potentially exploit this flaw to cause a denial of service by exhausting system resources...
CVE-2026-46178
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix resource leak on error in mlx4ibcreatesrq Sashiko points out that mlx4srqalloc was not undone during error unwind, add the missing call to mlx4srqfree...
CVE-2026-46181
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4srqevent Sashiko points out the radixtree itself is RCU safe, but nothing ever frees the mlx4srq struct with RCU, and it isn't even accessed within the RCU critical section. It also will crash...
CVE-2026-46176
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error path fall-through in mlx5ibdevressrqinit mlx5ibdevressrqinit allocates two SRQs, s0 and s1. When ibcreatesrq fails for s1, the error branch destroys s0 but falls through and unconditionally assigns the freed ...
UBUNTU-CVE-2026-46178
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix resource leak on error in mlx4ibcreatesrq Sashiko points out that mlx4srqalloc was not undone during error unwind, add the missing call to mlx4srqfree...
CVE-2026-46181 RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4srqevent Sashiko points out the radixtree itself is RCU safe, but nothing ever frees the mlx4srq struct with RCU, and it isn't even accessed within the RCU critical section. It also will crash...
EUVD-2026-32808
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4srqevent Sashiko points out the radixtree itself is RCU safe, but nothing ever frees the mlx4srq struct with RCU, and it isn't even accessed within the RCU critical section. It also will crash...
CVE-2026-46181
Summary: CVE-2026-46181 concerns the Linux kernel RDMA/mlx4 component. The root cause is improper use of Read-Copy Update (RCU) in mlx4_srq_event(), which could allow a race where an event is delivered before the srq object is fully initialized, potentially crashing the system. The documented fix...
CVE-2026-46178
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix resource leak on error in mlx4ibcreatesrq Sashiko points out that mlx4srqalloc was not undone during error unwind, add the missing call to mlx4srqfree...
EUVD-2026-32803
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error path fall-through in mlx5ibdevressrqinit mlx5ibdevressrqinit allocates two SRQs, s0 and s1. When ibcreatesrq fails for s1, the error branch destroys s0 but falls through and unconditionally assigns the freed ...
CVE-2026-46176
The CVE-2026-46176 issue affects the Linux kernel RDMA mlx5 path (mlx5_ib_dev_res_srq_init): when ib_create_srq() fails for s1, the error path can end up with freed s0 and ERR_PTR s1 assigned to devr->s0/devr->s1, leading to use-after-free/double-free risk in subsequent access. The fix adds...
CVE-2026-46176
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error path fall-through in mlx5ibdevressrqinit mlx5ibdevressrqinit allocates two SRQs, s0 and s1. When ibcreatesrq fails for s1, the error branch destroys s0 but falls through and unconditionally assigns the freed ...
SUSE CVE-2026-45852
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix double free in rxesrqfrominit In rxesrqfrominit, the queue pointer 'q' is assigned to 'srq-rq.queue' before copying the SRQ number to user space. If copytouser fails, the function calls rxequeuecleanup to free the...
PT-2026-44304
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A misuse of Read-Copy Update RCU, a synchronization mechanism that allows multiple readers to access data while a writer modifies it, occurs in the mlx4 srq event function. The mlx4 srq...
PT-2026-44299
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An error path fall-through exists in the mlx5 ib dev res srq init function. When the function allocates two Send Receive Queues SRQs, s0 and s1, a failure in ib create srq for s1 causes...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an error path resource leak in the mlx4ibcreatesrq function within RDMA mlx4. This issue may lead...
CVE-2026-45852
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix double free in rxesrqfrominit In rxesrqfrominit, the queue pointer 'q' is assigned to 'srq-rq.queue' before copying the SRQ number to user space. If copytouser fails, the function calls rxequeuecleanup to free the...