CVE-2026-46117
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk3th percentile - higher than 3% of all known CVEs
Summary
In the Linux kernel, the RDMA/mana driver removed a user-triggerable WARN_ON() that could corrupt kernel memory when a user specifies work queues (WQs) sharing the same completion queue (CQ).
Risk Assessment
An attacker with user privileges can intentionally trigger the WARN_ON() and corrupt kernel memory, potentially leading to system crash or privilege escalation.
Recommendation
Immediately update the Linux kernel to a version containing the fix that removes the vulnerability in the RDMA/mana driver.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss() Sashiko points out that the user can specify WQs sharing the same CQ as a part of the uAPI and this will trigger the WARN_ON() then go on to corrupt the kernel. Just reject it outright and fail the QP creation.

