CVE Catalog

CVE-2026-46181

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

2th percentile - higher than 2% of all known CVEs

Summary

In the Linux kernel, the RDMA/mlx4 driver misuses RCU in mlx4_srq_event(). The radix_tree is RCU-safe, but the mlx4_srq struct is never freed with RCU and is not accessed within an RCU critical section. Delivering an event before the srq object is fully initialized can cause a system crash.

Risk Assessment

The organization faces potential system crashes if an SRQ event is delivered before object initialization is complete, potentially disrupting services relying on RDMA.

Recommendation

Apply the Linux kernel patch for CVE-2026-46181 immediately, which replaces the incorrect RCU usage with a spinlock and refcount_inc_not_zero(), ensuring proper initialization ordering.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() Sashiko points out the radix_tree itself is RCU safe, but nothing ever frees the mlx4_srq struct with RCU, and it isn't even accessed within the RCU critical section. It also will crash if an event is delivered before the srq object is finished initializing. Use the spinlock since it isn't easy to make RCU work, use refcount_inc_not_zero() to protect against partially initialized objects, and order the refcount_set() to be after the srq is fully initialized.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS