HIGH 7.8

CVE-2026-46178: Linux Kernel RDMA/mlx4 Resource Leak – HIGH Severity

A resource management flaw exists in the Linux kernel's RDMA/mlx4 subsystem where memory allocated for Shared Receive Queues (SRQs) is not properly freed when the queue creation process encounters an error. This leaked memory accumulates over time, potentially degrading system performance or causing denial of service if the condition is repeatedly triggered. The issue affects systems using the Mellanox InfiniBand adapter driver on Linux.

Source data · NVD / CISA · public domain

CVSS
3.1 · 7.8 HIGH · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weaknesses (CWE)
CWE-401
Affected products
3 configuration(s)
Published / Modified
2026-05-28 / 2026-06-17

NVD description (verbatim)

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq() Sashiko points out that mlx4_srq_alloc() was not undone during error unwind, add the missing call to mlx4_srq_free().

8 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

CVE-2026-46178 is a resource leak vulnerability in the mlx4_ib_create_srq() function within the Linux kernel's RDMA/mlx4 driver. During error handling in SRQ creation, the code path fails to invoke mlx4_srq_free() to release memory previously allocated by mlx4_srq_alloc(). This results in unreleased kernel memory (CWE-401: Missing Release of Memory after Effective Lifetime). The vulnerability requires local access and Linux privilege level to trigger, but grants complete control over memory and system stability once exploited.

Business impact

Organizations relying on InfiniBand networking through Mellanox adapters face potential system instability and performance degradation. Repeated exploitation of this flaw—intentionally or through application error handling—can exhaust kernel memory pools, leading to unresponsive systems, service interruptions, or forced reboots. For high-performance computing clusters, research facilities, and cloud infrastructure operators using RDMA, this translates to reduced availability and operational overhead for memory troubleshooting.

Affected systems

The vulnerability affects the Linux kernel across all versions where the vulnerable mlx4_ib_create_srq() code path is present. Specifically, systems using the Mellanox InfiniBand adapter driver (mlx4) with RDMA support are in scope. Both upstream kernel distributions and vendor-maintained kernels shipping this driver are potentially affected. Verify your kernel version and RDMA subsystem enablement against the official Linux kernel advisory for precise patch availability.

Exploitability

Exploitation requires local system access and process-level privileges on the target machine. An attacker cannot trigger this remotely. The flaw is activated through repeated or error-prone calls to SRQ creation routines; no special kernel exploit techniques are required. However, the vulnerability does not grant elevated privileges—it is most dangerous as a local denial-of-service vector or as a persistence mechanism for low-level resource exhaustion attacks by an already-authenticated user.

Remediation

Apply a kernel update that includes the fix to mlx4_ib_create_srq() adding the missing mlx4_srq_free() call in the error unwinding path. Coordinate patching with your system maintenance windows to minimize RDMA workload disruption. For systems where immediate patching is not feasible, restrict local system access to trusted users and monitor kernel memory allocation patterns for anomalous SRQ creation failures.

Patch guidance

Check the official Linux kernel security advisories and your distribution's errata channels for the kernel version containing the mlx4 RDMA fix. Mainline kernel versions and stable backports incorporating this fix should be identified via kernel.org release notes and vendor security bulletins. Test patches in a non-production RDMA environment first, as kernel updates affecting InfiniBand drivers may require workload rebalancing. Verify the patch includes the explicit addition of mlx4_srq_free() in error handling before and after deployment.

Detection guidance

Monitor system logs for repeated mlx4_ib_create_srq() errors or failures in dmesg and kernel audit logs. Use tools like 'slabtop' or /proc/slabinfo to detect abnormal kernel memory consumption in mlx4-related caches. On systems with heavy RDMA workloads, establish baseline memory usage metrics to spot memory leak patterns. RDMA monitoring tools and vendor-supplied diagnostics should be checked for SRQ allocation error counters.

Why prioritize this

Assign HIGH priority due to the combination of high CVSS score (7.8), local privilege requirement creating a realistic insider threat vector, and potential for service disruption in critical infrastructure. While not remotely exploitable, the ease of triggering resource exhaustion and the severity of impact on RDMA-dependent workloads warrant expedited patching. Organizations with InfiniBand clusters or RDMA-intensive applications should prioritize this update.

Risk score, explained

The CVSS 3.1 score of 7.8 (HIGH) reflects local attack vector, low complexity, local user privilege requirement, and high impact on confidentiality, integrity, and availability. Although confidentiality and integrity impact may seem unusual for a memory leak, the score accounts for the attacker's ability to crash or destabilize the system, effectively compromising all three security properties from an availability and control perspective once kernel memory is exhausted.

Frequently asked questions

Can this vulnerability be exploited remotely over the network?

No. CVE-2026-46178 requires local system access and a valid user account on the target machine. It cannot be triggered remotely via network protocols or unauthenticated pathways.

Does this affect systems without InfiniBand or Mellanox adapters?

No. This is specific to systems with the mlx4 (Mellanox ConnectX) RDMA driver enabled. Systems using other network adapters or without RDMA support are not affected.

What is the practical impact of a resource leak in kernel memory?

Repeated triggering causes kernel memory pools to fill up. Once exhausted, the system cannot allocate new kernel memory for any operation, resulting in system hangs, crashes, or forced reboots. This is a classic denial-of-service condition.

Do I need to reboot after applying the patch?

Yes, kernel security patches require a reboot to take effect. Plan patching during a maintenance window that accommodates RDMA workload migration or graceful shutdown.

This analysis is based on the published CVE record and kernel advisory data available as of the publication date. Patch availability, affected kernel versions, and remediation timelines vary by Linux distribution and vendor. Always consult your distribution's official security advisories and kernel.org release notes for authoritative patch information and version numbers. No exploit code or weaponized proof-of-concept is provided. This document is for informational and defensive security purposes only. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).