Skip to main content

Linux Kernel CVE-2026-46178

| EUVDEUVD-2026-32805 HIGH
Memory Leak (CWE-401)
2026-05-28 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-wjrj-6rqp-wh2c
High
Disputed · 7.8 Vendor: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Share

Severity by source

Sources disagree (Low–High)
Vendor (416baaa9-dc9f-4396-8d5f-8c081fb06d67) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
5.5 LOW
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorVendor: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 30, 2026 - 12:02 vuln.today
CVSS changed
May 30, 2026 - 11:22 NVD
7.8 (HIGH)
Patch available
May 28, 2026 - 12:01 EUVD
CVE Published
May 28, 2026 - 10:16 nvd
UNKNOWN (no severity yet)
CVE Published
May 28, 2026 - 10:16 nvd
HIGH 7.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq()

Sashiko points out that mlx4_srq_alloc() was not undone during error unwind, add the missing call to mlx4_srq_free().

AnalysisAI

Resource leak in the Linux kernel's RDMA/mlx4 InfiniBand driver allows local authenticated users to trigger kernel memory exhaustion when mlx4_ib_create_srq() fails, because mlx4_srq_alloc() is not properly undone via mlx4_srq_free() during error unwind. CVSS 7.8 (AV:L/AC:L/PR:L) reflects local privileged access required, and EPSS is very low at 0.02% (5th percentile), with no public exploit identified at time of analysis. The fix has been merged upstream and backported across multiple stable trees, indicating broad downstream exposure on systems using Mellanox ConnectX HCAs.

Technical ContextAI

The vulnerability resides in drivers/infiniband/hw/mlx4, the in-kernel driver for Mellanox ConnectX-family InfiniBand/RoCE host channel adapters (ConnectX-2/3 generation). Specifically, mlx4_ib_create_srq() - which provisions a Shared Receive Queue object for RDMA verbs consumers - calls mlx4_srq_alloc() to allocate the SRQ in firmware/ICM context but fails to invoke the corresponding mlx4_srq_free() on a later error path. This is a classic missing-cleanup-on-error-path bug (CWE-401-class: missing release of resource after effective lifetime) where partially-initialized kernel resources leak. The CWE field is listed as N/A in the feed, but the patch description ('Fix resource leak on error') and the call pair (alloc without free on error unwind) unambiguously identify this as a memory/resource leak in a driver error path. The tag 'Information Disclosure' in the feed is atypical for a pure leak and likely auto-derived; the upstream patch does not describe an info-leak primitive.

RemediationAI

Upgrade to a kernel containing the upstream fix: mainline 7.1-rc3 or newer, or one of the patched stable trees - 6.6.140, 6.12.88, 6.18.30, or 7.0.7 - referenced at https://git.kernel.org/stable/c/0dbd619716fb07b7de1acd64fec673ee6e1adde7 and the four sibling commits. For distribution kernels, wait for and apply the corresponding vendor security update (track via your distro's CVE tracker since no per-vendor advisory URL was provided). As a compensating control until patched, restrict RDMA device access by ensuring /dev/infiniband/* nodes and rdma_cm interfaces are not exposed to untrusted local users or containers (tighten group ownership, use rdma-cgroup limits, or unbind the mlx4_ib module with 'modprobe -r mlx4_ib' on hosts that do not need RDMA - note this disables InfiniBand/RoCE functionality entirely and will break HPC, NVMe-oF, and GPUDirect workloads). Blocking the create_srq verb specifically is not practical at the kernel level; access-control on the uverbs device node is the realistic mitigation.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-46178 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy