CVE-2026-46181
- Source
- https://cve.org/CVERecord?id=CVE-2026-46181
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46181.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-46181
- Downstream
- Related
- Published
- 2026-05-28T09:36:34.706Z
- Modified
- 2026-06-12T03:57:34.478272997Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx4: Fix mis-use of RCU in mlx4srqevent()
Sashiko points out the radixtree itself is RCU safe, but nothing ever frees the mlx4srq struct with RCU, and it isn't even accessed within the RCU critical section. It also will crash if an event is delivered before the srq object is finished initializing.
Use the spinlock since it isn't easy to make RCU work, use refcountincnotzero() to protect against partially initialized objects, and order the refcountset() to be after the srq is fully initialized.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46181.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/1e2a44875b6afb4add1115f7f3351dcbeb6f273d
- https://git.kernel.org/stable/c/8b7833f3bce35cb0d01c1503781523c099c675f0
- https://git.kernel.org/stable/c/c9341307ea16b9395c2e4c9c94d8499d91fe31d0
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46181.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-46181
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git