CVE-2026-46117
- Source
- https://cve.org/CVERecord?id=CVE-2026-46117
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46117.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-46117
- Downstream
- Related
- Published
- 2026-05-28T09:35:32.344Z
- Modified
- 2026-06-23T15:29:20.598688102Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mana: Remove user triggerable WARNON() in manaibcreateqp_rss()
Sashiko points out that the user can specify WQs sharing the same CQ as a part of the uAPI and this will trigger the WARN_ON() then go on to corrupt the kernel.
Just reject it outright and fail the QP creation.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46117.json" }- References
-
- https://git.kernel.org/stable/c/159f2efabc89d3f931d38f2d35876535d4abf0a3
- https://git.kernel.org/stable/c/9cc0c6b1ba8cd5c55aef043e1384de0a8b4efa71
- https://git.kernel.org/stable/c/9ef65af26b2a6738bf15812042e84b3112402d3a
- https://git.kernel.org/stable/c/db991ba50087ad99fa12a2c483aa3be19671ea73
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46117.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-46117
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc15d7802a42402a87880a17eee89ff023e49ecc0Fixed9cc0c6b1ba8cd5c55aef043e1384de0a8b4efa71Fixed9ef65af26b2a6738bf15812042e84b3112402d3aFixeddb991ba50087ad99fa12a2c483aa3be19671ea73Fixed159f2efabc89d3f931d38f2d35876535d4abf0a3