In the Linux kernel, the following vulnerability has been resolved:

RDMA/mana: Validate rx_hash_key_len

Sashiko points out that rx_hash_key_len comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to trash kernel memory. Bounds check it so the memcpy cannot overflow.

| Version | Base score | Base severity | Vector |
|---|---|---|---|
| 3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
A flaw was found in the Linux kernel's RDMA/mana component. A local user could exploit this vulnerability by providing an invalid `rx_hash_key_len` value through a user-space API (uAPI) structure. This invalid value is then used in a `memcpy` operation without proper bounds checking, allowing the user to write beyond intended memory boundaries. This can lead to kernel memory corruption, potentially resulting in privilege escalation or a denial of service (DoS).
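
The unchecked-length pattern described above, next to its bounds-checked form, as an added user-space model that is not the kernel driver's code. Only `rx_hash_key_len` comes from the advisory; the structures, the 40-byte key size, the `demo_*` names and the `-EINVAL` return are assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define DEMO_KEY_SIZE 40 /* assumed destination size, not from the advisory */
/* Hypothetical uAPI request: both fields are caller-controlled. */
struct demo_rss_req {
    uint8_t rx_hash_key_len;
    uint8_t rx_hash_key[255]; /* oversized so the model's reads stay defined */
};
/* Hypothetical kernel-side object: key buffer followed by unrelated state. */
struct demo_port_cfg {
    uint8_t hashkey[DEMO_KEY_SIZE];
    uint8_t adjacent[256 - DEMO_KEY_SIZE];
};

/* Pre-fix pattern: length trusted. Copying via the object base keeps this model defined C. */
int demo_set_key_unchecked(struct demo_port_cfg *cfg, const struct demo_rss_req *req)
{
    memcpy((uint8_t *)cfg, req->rx_hash_key, req->rx_hash_key_len);
    return 0;
}

/* Fixed pattern: reject a length the destination cannot hold, then copy. */
int demo_set_key_checked(struct demo_port_cfg *cfg, const struct demo_rss_req *req)
{
    if (req->rx_hash_key_len > sizeof(cfg->hashkey))
        return -EINVAL; /* error code is an assumption */
    memcpy(cfg->hashkey, req->rx_hash_key, req->rx_hash_key_len);
    return 0;
}
/* Run one constructed request; return how many neighbouring bytes were overwritten. */
int demo_run(uint8_t len, int checked, int *rc)
{
    struct demo_port_cfg cfg = {0};
    struct demo_rss_req req = { .rx_hash_key_len = len };
    int n = 0;
    memset(req.rx_hash_key, 0xA5, sizeof(req.rx_hash_key));
    *rc = checked ? demo_set_key_checked(&cfg, &req) : demo_set_key_unchecked(&cfg, &req);
    for (size_t i = 0; i < sizeof(cfg.adjacent); i++)
        n += cfg.adjacent[i] != 0;
    return n;
}

int main(void)
{
    int rc_u, rc_c, u = demo_run(64, 0, &rc_u), c = demo_run(64, 1, &rc_c);
    printf("len=64 unchecked: %d bytes overwritten; checked: %d, rc=%d\n", u, c, rc_c);
    return 0;
}
```
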
| Version | Base score | Base severity | Vector |
|---|---|---|---|
| 3.1 | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
RHSA-2026:30129: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)
RHSA-2026:27789: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)
RHSA-2026:27353: Red Hat Enterprise Linux BaseOS (v. 8), Red Hat Enterprise Linux CRB (v. 8)
RHSA-2026:27354: Red Hat Enterprise Linux NFV (v. 8), Red Hat Enterprise Linux RT (v. 8)
| Event | Date |
|---|---|
| Reported to Red Hat. | 2026-05-28 00:00:00 |
| Made public. | 2026-05-28 00:00:00 |
| Hyperlink | Resource |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-46145 | vdb-entry x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2482581 | issue-tracking x_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46145.json | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:30129 | vendor-advisory x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:27789 | vendor-advisory x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:27353 | vendor-advisory x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:27354 | vendor-advisory x_refsource_REDHAT |