CVE-2026-46189
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk4th percentile - higher than 4% of all known CVEs
Summary
In the Linux kernel, a double free vulnerability was found in the RDMA/vmw_pvrdma driver on the error path of pvrdma_alloc_ucontext(). The pvrdma_uar_free() function is called twice: once directly and then again inside pvrdma_dealloc_ucontext(), causing a double free.
Risk Assessment
A double free can cause system crashes, data corruption, or potentially privilege escalation in VMware environments using paravirtualized RDMA.
Recommendation
Immediately update the Linux kernel to a version containing the fix that removes the redundant pvrdma_uar_free() call on the error path.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path Sashiko points out that pvrdma_uar_free() is already called within pvrdma_dealloc_ucontext(), so calling it before triggers a double free.

