CVE Catalog

CVE-2026-46126

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

7th percentile - higher than 7% of all known CVEs

Summary

A vulnerability in the Linux kernel related to the mana_destroy_wq_obj() function in queue object management has been resolved. The issues pertain to bugs in the error unwind flow concerning the WQ table.

Risk Assessment

Improper management of queue objects may lead to memory leaks or unpredictable system behavior, jeopardizing the stability and security of applications utilizing RDMA.

Recommendation

It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and ensure proper queue object management.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Fix mana_destroy_wq_obj() cleanup in mana_ib_create_qp_rss() Sashiko points out there are two bugs here in the error unwind flow, both related to how the WQ table is unwound. First there is a double i-- on the first failure path due to the while loop having a i--, remove it. Second if mana_ib_install_cq_cb() fails then mana_create_wq_obj() is not undone due to the above i--.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS