Skip to main content

Linux MANA Driver CVE-2026-45476

| EUVDEUVD-2026-35546 HIGH
Use After Free (CWE-416)
2026-06-09 secure@microsoft.com GHSA-w6wg-wvpc-5gj5
8.2
CVSS 3.1 · Vendor: microsoft
Temporal: 7.1
Share

Severity by source

Vendor (microsoft) PRIMARY
8.2 HIGH
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CIRCL (temporal)
7.1 HIGH
cvss

Primary rating from Vendor (microsoft).

CVSS VectorVendor: microsoft

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jun 09, 2026 - 18:22 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
HIGH 8.2

DescriptionCVE.org

Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in the Linux MANA (Microsoft Azure Network Adapter) driver allows an authenticated attacker with high privileges on the host to escalate privileges across security boundaries by exploiting a use-after-free condition. The flaw was reported by Microsoft Security Response Center and carries a CVSS 3.1 score of 8.2 driven by scope change and high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Technical ContextAI

The Linux MANA driver provides kernel-level support for the Microsoft Azure Network Adapter (MANA), a virtual NIC used in Azure VM deployments to expose high-performance networking to Linux guest workloads. The root cause is CWE-416 (Use After Free), a memory safety class where the driver continues to reference a kernel object after its backing memory has been released, allowing the freed allocation to be reclaimed and manipulated by an attacker-controlled allocation. In kernel network drivers, UAF conditions typically arise from race conditions between teardown paths and active I/O contexts or from mismanaged reference counting on socket/queue structures, and they are routinely converted into arbitrary kernel read/write and ultimately into privilege escalation. The vendor tags also flag denial of service and memory corruption as related impacts, consistent with kernel UAF behavior.

RemediationAI

Patch availability is reported per the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45476, however no exact fixed version was provided in the input data - administrators should consult that advisory directly to identify the patched kernel build or driver version for their distribution and apply it. For Azure-hosted Linux VMs, prioritize updating the in-guest kernel to the latest distribution-vendor-supported release that incorporates the MANA driver fix. If immediate patching is not possible, compensating controls include unloading or blacklisting the mana module on systems that do not require MANA networking (trade-off: this will break Azure accelerated networking and may require falling back to a slower netvsc/hv_netvsc path), tightening privilege boundaries so that no untrusted workload runs as root or with CAP_SYS_ADMIN in the guest (trade-off: may break administrative workflows), and monitoring kernel logs for MANA driver oopses or KASAN reports that may indicate exploitation attempts.

Share

CVE-2026-45476 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy