CVE Catalog

CVE-2026-46117

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile - higher than 3% of all known CVEs

Summary

In the Linux kernel, the RDMA/mana driver removed a user-triggerable WARN_ON() that could corrupt kernel memory when a user specifies work queues (WQs) sharing the same completion queue (CQ).

Risk Assessment

An attacker with user privileges can intentionally trigger the WARN_ON() and corrupt kernel memory, potentially leading to system crash or privilege escalation.

Recommendation

Immediately update the Linux kernel to a version containing the fix that removes the vulnerability in the RDMA/mana driver.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss() Sashiko points out that the user can specify WQs sharing the same CQ as a part of the uAPI and this will trigger the WARN_ON() then go on to corrupt the kernel. Just reject it outright and fail the QP creation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS