Severity by source
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally.
AnalysisAI
Local privilege escalation in the Linux MANA (Microsoft Azure Network Adapter) driver allows an authenticated attacker with high privileges on the host to escalate privileges across security boundaries by exploiting a use-after-free condition. The flaw was reported by Microsoft Security Response Center and carries a CVSS 3.1 score of 8.2 driven by scope change and high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Technical ContextAI
The Linux MANA driver provides kernel-level support for the Microsoft Azure Network Adapter (MANA), a virtual NIC used in Azure VM deployments to expose high-performance networking to Linux guest workloads. The root cause is CWE-416 (Use After Free), a memory safety class where the driver continues to reference a kernel object after its backing memory has been released, allowing the freed allocation to be reclaimed and manipulated by an attacker-controlled allocation. In kernel network drivers, UAF conditions typically arise from race conditions between teardown paths and active I/O contexts or from mismanaged reference counting on socket/queue structures, and they are routinely converted into arbitrary kernel read/write and ultimately into privilege escalation. The vendor tags also flag denial of service and memory corruption as related impacts, consistent with kernel UAF behavior.
RemediationAI
Patch availability is reported per the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45476, however no exact fixed version was provided in the input data - administrators should consult that advisory directly to identify the patched kernel build or driver version for their distribution and apply it. For Azure-hosted Linux VMs, prioritize updating the in-guest kernel to the latest distribution-vendor-supported release that incorporates the MANA driver fix. If immediate patching is not possible, compensating controls include unloading or blacklisting the mana module on systems that do not require MANA networking (trade-off: this will break Azure accelerated networking and may require falling back to a slower netvsc/hv_netvsc path), tightening privilege boundaries so that no untrusted workload runs as root or with CAP_SYS_ADMIN in the guest (trade-off: may break administrative workflows), and monitoring kernel logs for MANA driver oopses or KASAN reports that may indicate exploitation attempts.
Same weakness CWE-416 – Use After Free
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35546
GHSA-w6wg-wvpc-5gj5