CVE Catalog

CVE-2026-46189

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile - higher than 4% of all known CVEs

Summary

In the Linux kernel, a double free vulnerability was found in the RDMA/vmw_pvrdma driver on the error path of pvrdma_alloc_ucontext(). The pvrdma_uar_free() function is called twice: once directly and then again inside pvrdma_dealloc_ucontext(), causing a double free.

Risk Assessment

A double free can cause system crashes, data corruption, or potentially privilege escalation in VMware environments using paravirtualized RDMA.

Recommendation

Immediately update the Linux kernel to a version containing the fix that removes the redundant pvrdma_uar_free() call on the error path.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path Sashiko points out that pvrdma_uar_free() is already called within pvrdma_dealloc_ucontext(), so calling it before triggers a double free.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS