EUVD-2026-15218
GHSA-gwxh-wqjf-9572
Lifecycle Timeline
4DescriptionNVD
In the Linux kernel, the following vulnerability has been resolved:
IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq()
Fix a user triggerable leak on the system call failure path.
AnalysisAI
This vulnerability is a resource leak in the Linux kernel's InfiniBand mthca driver within the mthca_create_srq() function, where the mthca_unmap_user_db() cleanup call is missing on the error path. A user with local access can trigger this leak by causing the mthca_create_srq() system call to fail, resulting in persistent kernel memory not being freed, which could lead to denial of service through memory exhaustion. …
Sign in for full analysis, threat intelligence, and remediation guidance.
More from same product – last 7 days
Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers
Authentication-context bypass in pam_usb before 0.9.0 lets a person holding an enrolled USB device authenticate over SSH
Kernel availability loss in Ubuntu Linux 6.8, 6.17, and 7.0 can be triggered by any unprivileged local user via a defect
Kernel panic via NULL pointer dereference in Ubuntu Linux 6.8's AppArmor notification handler allows a locally authentic
pam_usb prior to 0.9.0 crashes under memory pressure due to assert()-based OOM guards in src/mem.c that are silently str
Vendor StatusVendor
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | vulnerable | 5.10.223-1 | - |
| bullseye (security) | vulnerable | 5.10.251-1 | - |
| bookworm | vulnerable | 6.1.159-1 | - |
| bookworm (security) | vulnerable | 6.1.164-1 | - |
| trixie | vulnerable | 6.12.73-1 | - |
| trixie (security) | vulnerable | 6.12.74-2 | - |
| forky, sid | fixed | 6.19.8-1 | - |
| (unstable) | fixed | 6.19.8-1 | - |
Share
External POC / Exploit Code
Leaving vuln.today