Skip to main content

Linux CVE-2026-23289

| EUVDEUVD-2026-15218 MEDIUM
2026-03-25 Linux GHSA-gwxh-wqjf-9572
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
5.2 MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
May 29, 2026 - 15:37 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15218
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:26 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq()

Fix a user triggerable leak on the system call failure path.

AnalysisAI

This vulnerability is a resource leak in the Linux kernel's InfiniBand mthca driver within the mthca_create_srq() function, where the mthca_unmap_user_db() cleanup call is missing on the error path. A user with local access can trigger this leak by causing the mthca_create_srq() system call to fail, resulting in persistent kernel memory not being freed, which could lead to denial of service through memory exhaustion. While no CVSS score, EPSS value, or KEV status is documented, the issue affects all Linux kernel versions using the mthca driver and has been patched across multiple stable kernel branches as evidenced by six linked commit fixes.

Technical ContextAI

The mthca (Mellanox Technologies HCA) driver is an InfiniBand Host Channel Adapter driver in the Linux kernel's InfiniBand subsystem. The vulnerability exists in the mthca_create_srq() function, which creates a Shared Receive Queue (SRQ) for InfiniBand operations. The root cause is a missing resource cleanup call (mthca_unmap_user_db()) on the error/failure path of the system call. This falls under the CWE-401 (Missing Release of Memory after Effective Lifetime) category, where allocated kernel memory mapped to user-space database resources is not properly deallocated when the operation fails. The CPE string cpe:2.3:a:linux:linux indicates this affects the Linux kernel itself across all architectures.

RemediationAI

Apply the latest stable kernel security updates for your distribution to obtain the mthca driver patches. For RHEL-based systems, run 'yum update kernel' and reboot; for Ubuntu/Debian systems, run 'apt-get install linux-image-generic' and reboot. Verify the installed kernel includes the fix commits referenced at https://git.kernel.org/stable/. If immediate patching is not possible, disable the mthca driver by adding 'blacklist ib_mthca' to /etc/modprobe.d/blacklist.conf and removing it from the running kernel if not actively needed. Restrict local user access and monitor kernel memory usage for signs of gradual exhaustion, which would indicate active exploitation attempts.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye vulnerable 5.10.223-1 -
bullseye (security) vulnerable 5.10.251-1 -
bookworm vulnerable 6.1.159-1 -
bookworm (security) vulnerable 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-23289 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy