Skip to main content

Linux Kernel EUVDEUVD-2026-32771

| CVE-2026-46144 MEDIUM
2026-05-28 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-qfhm-vm36-2x5j
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local-only vector confirmed by RDMA driver context; PR:L because low-privilege shell access suffices; A:H for resource exhaustion DoS; C:N and I:N as no data exposure or write primitive exists.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Analysis Generated
Jun 10, 2026 - 21:29 vuln.today
CVSS changed
Jun 10, 2026 - 21:22 NVD
5.5 (MEDIUM)
CVSS changed
Jun 10, 2026 - 21:22 NVD
5.5 (MEDIUM)
Patch available
May 28, 2026 - 12:01 EUVD
CVE Published
May 28, 2026 - 10:16 nvd
MEDIUM 5.5
CVE Published
May 28, 2026 - 10:16 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

RDMA/mana: Fix error unwind in mana_ib_create_qp_rss()

Sashiko points out that mana_ib_cfg_vport_steering() is leaked, the normal destroy path cleans it up.

AnalysisAI

Resource leak in the Linux kernel's RDMA/mana driver allows a local low-privileged user to exhaust kernel resources via a missing cleanup in the error unwind path of mana_ib_create_qp_rss(). The Microsoft Azure Network Adapter (MANA) InfiniBand subsystem fails to release mana_ib_cfg_vport_steering() allocations when QP RSS creation fails mid-flight, while the normal destroy path handles cleanup correctly - leaving the error path mismatched. No public exploit is identified and EPSS sits at 0.02% (5th percentile), reflecting very low real-world exploitation probability, though patches are confirmed available across multiple stable kernel branches.

Technical ContextAI

The affected code lives in the Linux kernel's RDMA (Remote Direct Memory Access) subsystem, specifically in the mana_ib driver that supports the Microsoft Azure Network Adapter (MANA) used in Azure VM environments. A Queue Pair (QP) in RDMA terminology is a paired send/receive buffer used for high-performance networking; RSS (Receive Side Scaling) variants distribute incoming traffic across CPU cores. The function mana_ib_create_qp_rss() configures vport steering - the hardware-level traffic steering table - via mana_ib_cfg_vport_steering(). When this sequence fails after vport steering is configured, the error unwind path omits the corresponding cleanup call, while mana_ib_destroy_qp_rss() (the normal teardown) correctly handles it. This is a classic CWE-459 (Incomplete Cleanup) / CWE-772 (Missing Release of Resource after Effective Lifetime) pattern. CPE data confirms the Linux kernel across multiple major stable branches is affected, from the introduction commit 0266a177631d through various stable trees.

RemediationAI

The primary fix is to upgrade to a patched Linux kernel version: 6.6.141 or later on the 6.6 stable branch, 6.12.88 or later on the 6.12 stable branch, 6.18.30 or later on the 6.18 stable branch, 7.0.7 or later on the 7.0 stable branch, or 7.1-rc3 or later on mainline. Patch commits are available at https://git.kernel.org/stable/c/726af85ea4af750b2f75095e24e3cd99797344cb, https://git.kernel.org/stable/c/ab64c63b460bbd0521480bf90d5695783f5e66bc, https://git.kernel.org/stable/c/30e8a2f33815d8f51b8f8b829c07af16c671cc27, https://git.kernel.org/stable/c/190e570cc0fc7f57eacf80d2b854ba54b4dfad6b, and https://git.kernel.org/stable/c/6aaa978c6b6218cfac15fe1dab17c76fe229ce3f. If patching immediately is not feasible, a compensating control is to restrict RDMA/mana QP RSS creation to trusted, privileged users only via Linux capability controls (CAP_NET_ADMIN), preventing low-privileged local users from invoking the affected code path - note this may limit RDMA performance features for unprivileged workloads. Disabling the mana_ib kernel module entirely (modprobe -r mana_ib) eliminates exposure but removes RDMA functionality on Azure MANA NICs, which may impact RDMA-dependent applications.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected

Share

EUVD-2026-32771 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy