CVE-2026-46126
RDMA/mana WQ Object Cleanup Flaw in Linux Kernel
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's RDMA/mana component, specifically in the mana_destroy_wq_obj() cleanup function used in mana_ib_create_qp_rss().
There are two bugs related to the error unwind flow and how the Work Queue (WQ) table is unwound:
- A double decrement (i--) occurs on the first failure path, because the while loop also has an i--; the duplicate decrement should be removed.
- If mana_ib_install_cq_cb() fails, the work done by mana_create_wq_obj() is not properly undone because of the above decrement issue.
How can this vulnerability impact me?
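The two unwind bugs described above, reproduced in a small user-space model. This is an added example, not code from the kernel or from the fix. The helpers create_obj(), install_cb() and destroy_obj(), the table size N and the fixed flag are hypothetical stand-ins, and the fixed == 1 path is one possible correction, assumed here for illustration.

```c
#include <stdio.h>

#define N 4                /* constructed table size */
static int live[N];        /* live[i] == 1 while object i exists */

/* Hypothetical stand-ins for the create and callback-install steps. */
static int create_obj(int i, int fail_at) { if (i == fail_at) return -1; live[i] = 1; return 0; }
static int install_cb(int i, int fail_at) { return i == fail_at ? -1 : 0; }
static void destroy_obj(int i) { live[i] = 0; }

/* Runs the setup loop with one injected failure and returns how many
 * objects are still alive after the unwind (-1 if nothing failed).
 * fixed == 0 models the flow the page describes; fixed == 1 is one
 * possible correction (assumption, not the kernel patch). */
int leaked_after_unwind(int fixed, int create_fail, int install_fail)
{
    int i, n = 0;

    for (i = 0; i < N; i++)
        live[i] = 0;
    for (i = 0; i < N; i++) {
        if (create_obj(i, create_fail)) {
            if (!fixed)
                i--;             /* bug 1: the while loop decrements again */
            goto fail;
        }
        if (install_cb(i, install_fail)) {
            if (fixed)
                destroy_obj(i);  /* bug 2 fix: undo this iteration's create */
            goto fail;
        }
    }
    return -1;
fail:
    while (i-- > 0)              /* unwinds entries i-1 down to 0 */
        destroy_obj(i);
    for (i = 0; i < N; i++)
        n += live[i];
    return n;
}

int main(void)
{
    printf("buggy, create fails at 2:  %d leaked\n", leaked_after_unwind(0, 2, -1));
    printf("buggy, install fails at 2: %d leaked\n", leaked_after_unwind(0, -1, 2));
    printf("fixed, create fails at 2:  %d leaked\n", leaked_after_unwind(1, 2, -1));
    printf("fixed, install fails at 2: %d leaked\n", leaked_after_unwind(1, -1, 2));
    return 0;
}
```

In the buggy mode each injected failure leaves exactly one object alive: entry i-1 when the create step fails, entry i when the callback install fails.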
This vulnerability involves bugs in the error unwind flow of the RDMA/mana component in the Linux kernel, specifically related to the cleanup process in mana_destroy_wq_obj() during mana_ib_create_qp_rss().
The issues include a double decrement operation and incomplete cleanup when certain functions fail, which could potentially lead to improper resource management or instability in the kernel's RDMA functionality.