MEDIUM 5.5

CVE-2026-46144

A memory cleanup issue exists in the Linux kernel's RDMA/mana driver when creating RSS (Receive-Side Scaling) queue pairs. If an error occurs during queue pair creation, a virtual port steering configuration is not properly freed, leading to a resource leak. While this is a memory management issue rather than a direct data breach risk, it can degrade system stability under error conditions or be exploited to exhaust kernel memory resources on systems with RDMA/mana network adapters.

Source data · NVD / CISA · public domain

CVSS
3.1 · 5.5 MEDIUM · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Weaknesses (CWE)
Affected products
3 configuration(s)
Published / Modified
2026-05-28 / 2026-06-17

NVD description (verbatim)

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Fix error unwind in mana_ib_create_qp_rss() Sashiko points out that mana_ib_cfg_vport_steering() is leaked, the normal destroy path cleans it up.

5 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

CVE-2026-46144 addresses an error handling bug in the mana_ib_create_qp_rss() function within the Linux kernel's RDMA/mana driver. The vulnerability stems from incomplete cleanup when queue pair creation fails: the mana_ib_cfg_vport_steering() configuration is allocated during the creation process but is not released if an error occurs before the function completes. The normal (non-error) destroy path properly cleans up this resource, but the error path omits this cleanup step, causing a kernel memory leak. This affects the MANA (Microsoft Azure Network Adapter) RDMA subsystem used in virtualized and cloud environments.

Business impact

The primary business impact is availability degradation rather than confidentiality or integrity compromise. Repeated triggering of the error condition could allow a local, privileged user to exhaust kernel memory and trigger out-of-memory conditions, potentially leading to system crashes, service interruptions, or denial of service on systems running RDMA workloads. For organizations running Azure-connected workloads or RDMA-enabled deployments, this represents a stability risk that could affect long-running applications or batch processing jobs if exploited or triggered accidentally.

Affected systems

This vulnerability affects the Linux kernel across all versions prior to the fix. Systems running RDMA/mana drivers—primarily Azure VMs and other environments using Microsoft Azure Network Adapters with RDMA capabilities—are at risk. The vulnerability requires local access and RDMA subsystem usage, so primarily impacts server and virtualized infrastructure environments rather than typical desktop or edge deployments.

Exploitability

Exploitation requires local system access and elevated privileges (PR:L in the CVSS vector), limiting the attack surface. An attacker with local user privileges cannot directly trigger this leak; cooperation or compromise of a process with capability to create RDMA queue pairs is necessary. However, legitimate error conditions during queue pair creation (resource exhaustion, invalid configurations) could trigger the leak inadvertently, making this more of a reliability risk than an intentional security exploit vector. The vulnerability is not known to be actively exploited in the wild.

Remediation

Apply a Linux kernel update that includes the mana_ib_create_qp_rss() error handling fix. Verify against the vendor advisory for the specific kernel version available for your distribution. Until patched, restrict RDMA queue pair creation to trusted users and monitor system memory usage in RDMA-heavy workloads for signs of sustained kernel memory growth or out-of-memory events.

Patch guidance

Obtain and deploy the latest stable Linux kernel release from your distribution (Red Hat, Ubuntu, Debian, etc.) that incorporates this fix. The patch corrects the error unwind path in mana_ib_create_qp_rss() to ensure mana_ib_cfg_vport_steering() is properly freed on error. Coordinate patching with your maintenance windows, prioritizing systems that run RDMA workloads or are deployed in Azure environments. Verify the specific kernel version in your distribution's advisory for this CVE.

Detection guidance

Monitor kernel logs for repeated RDMA queue pair creation failures or resource allocation errors from the mana driver. Use 'dmesg' or persistent logging (journalctl on systemd systems) to capture any mana driver error messages. In monitoring infrastructure, track kernel memory usage (MemAvailable, slab allocations) over time on RDMA-enabled systems to detect gradual memory exhaustion patterns that might indicate the leak being triggered. Network monitoring tools can observe patterns of failed RDMA session setup if error conditions are being triggered repeatedly.

Why prioritize this

Although the CVSS score is medium (5.5) and privileges are required, this vulnerability warrants timely patching because: (1) it affects availability of critical infrastructure in cloud environments, (2) it can be triggered unintentionally by normal application behavior during error recovery, (3) prolonged kernel memory leaks compound over time in long-running services, and (4) RDMA workloads are increasingly common in data center and HPC environments. Organizations running RDMA-dependent applications should treat this as higher priority than the base score alone suggests.

Risk score, explained

The CVSS 3.1 score of 5.5 (MEDIUM) reflects: (1) Local Attack Vector (AV:L)—requires system access, not remote; (2) Low Complexity (AC:L)—no special conditions needed beyond triggering error cases; (3) Low Privileges (PR:L)—requires local user context but not root; (4) High Availability Impact (A:H)—memory exhaustion can crash the system or degrade availability; (5) No Confidentiality or Integrity Impact (C:N, I:N)—no data is exposed or corrupted. The score appropriately reflects a medium-severity local denial-of-service risk.

Frequently asked questions

Can this vulnerability be exploited remotely?

No. The vulnerability requires local system access (AV:L in CVSS) and is triggered through the kernel RDMA subsystem, not over the network. It is strictly a local privilege concern.

Who is most affected by this vulnerability?

Organizations deploying RDMA workloads on Azure VMs or other environments using the Microsoft Azure Network Adapter with RDMA capabilities are most directly affected. This includes cloud data centers, HPC clusters, and virtualized infrastructure running intensive data processing or memory-optimized applications.

What is the difference between this and a traditional security vulnerability?

This is primarily a resource management bug that impacts availability and system stability rather than exposing sensitive data or enabling unauthorized access. It is catalogued as a CVE because unpatched memory leaks in kernel drivers can be weaponized for denial of service or amplified by sustained triggering to crash systems.

Do I need to reboot to apply the patch?

Yes, kernel patches typically require a reboot to take effect. Plan patching during a maintenance window and coordinate with applications that depend on RDMA functionality to minimize downtime.

This analysis is based on the CVE description and publicly available information as of the publication date. No exploit code or proof-of-concept is provided. Specific patch version numbers and timelines vary by Linux distribution; verify against your vendor's advisory before deployment. This page is informational and does not replace security guidance from your IT security team or vendor. Always test patches in non-production environments first. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).

Affected vendors

Related vulnerabilities