CVE Vulnerability Details: CVE-2026-46176
PUBLISHED
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At-28 May, 2026 | 09:36
Updated At-02 Jul, 2026 | 12:05
Rejected At-
▼ CVE Numbering Authority (CNA)
RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init()

In the Linux kernel, the following vulnerability has been resolved:

RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init()

mlx5_ib_dev_res_srq_init() allocates two SRQs, s0 and s1. When ib_create_srq() fails for s1, the error branch destroys s0 but falls through and unconditionally assigns the freed s0 and the ERR_PTR s1 to devr->s0 and devr->s1.

This leads to several problems: the lock-free fast path checks "if (devr->s1) return 0;" and treats the ERR_PTR as already initialised; users in mlx5_ib_create_qp() dereference the freed SRQ or ERR_PTR via to_msrq(devr->s0)->msrq.srqn; and mlx5_ib_dev_res_cleanup() dereferences the ERR_PTR and double-frees s0 on teardown.

Fix by adding the same `goto unlock` in the s1 failure path.
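The control flow described above, reduced to a user-space model. This is an added example, not the kernel's code or the upstream patch. `struct srq`, `struct devr`, `create_srq()`, `destroy_srq()`, `srq_init()`, `retry_after_s1_failure()` and the `fixed` / `fail_s1` switches are hypothetical stand-ins, and "destroying" an SRQ only clears a flag so the stale state can be inspected safely.

```c
#include <stdint.h>
#include <stdio.h>
#define ERR_PTR(e) ((void *)(intptr_t)(e))   /* user-space stand-ins for the */
#define PTR_ERR(p) ((int)(intptr_t)(p))      /* kernel's ERR_PTR helpers     */
#define IS_ERR(p)  ((uintptr_t)(p) >= (uintptr_t)-4095)

struct srq { int live; };              /* stand-in for struct ib_srq */
struct devr { struct srq *s0, *s1; };  /* only the two fields the CVE names */
static struct srq pool[2];

static struct srq *create_srq(int idx, int fail) {  /* stand-in for ib_create_srq() */
    if (fail) return ERR_PTR(-12);     /* -ENOMEM */
    pool[idx].live = 1;
    return &pool[idx];
}
static void destroy_srq(struct srq *s) { s->live = 0; }  /* marks freed, frees nothing */

/* fixed == 0 models the fall-through; fixed == 1 adds the goto unlock. */
static int srq_init(struct devr *d, int fixed, int fail_s1) {
    struct srq *s0, *s1;
    int ret = 0;
    if (d->s1) return 0;               /* lock-free fast path */
    s0 = create_srq(0, 0);             /* the driver holds its mutex from here */
    if (IS_ERR(s0)) { ret = PTR_ERR(s0); goto unlock; }
    s1 = create_srq(1, fail_s1);
    if (IS_ERR(s1)) {
        ret = PTR_ERR(s1);
        destroy_srq(s0);
        if (fixed) goto unlock;        /* the fix: publish nothing on failure */
    }
    d->s0 = s0;                        /* unfixed: destroyed s0 is published */
    d->s1 = s1;                        /* unfixed: ERR_PTR is published */
unlock:
    return ret;
}

static int retry_after_s1_failure(struct devr *d, int fixed) {
    d->s0 = d->s1 = NULL;
    srq_init(d, fixed, 1);             /* s1 creation fails */
    return srq_init(d, fixed, 0);      /* caller retries, nothing fails */
}

int main(void) {
    struct devr d;
    for (int fixed = 0; fixed <= 1; fixed++) {
        int r = retry_after_s1_failure(&d, fixed);
        printf("fixed=%d retry=%d s1_is_err=%d s0_live=%d\n", fixed, r, IS_ERR(d.s1), d.s0->live);
    }
    return 0;
}
```

In the unfixed run the retry reports success through the fast path while `s1` still holds an error pointer and `s0` refers to a destroyed object; in the fixed run both fields stay NULL after the failure and the retry initialises them properly.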

Affected Products
Vendor
Linux Kernel Organization, Inc (Linux)
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • drivers/infiniband/hw/mlx5/main.c
Default Status
unaffected
Versions
Affected
  • From b6334d2356fc0922ed01457960f74923058a353a before a13c2ac4d480b734342c6fbf8249fc48afd675f3 (git)
  • From 5895e70f2e6e8dc67b551ca554d6fcde0a7f0467 before bc2cf5935b4665172235341163315905197ae91d (git)
  • From 5895e70f2e6e8dc67b551ca554d6fcde0a7f0467 before b087913ae88256df66620f7ba0a9776716aeef7e (git)
  • From 5895e70f2e6e8dc67b551ca554d6fcde0a7f0467 before 6fd93142dd1d09000c3750af08270f5792523fe9 (git)
  • From 5895e70f2e6e8dc67b551ca554d6fcde0a7f0467 before c488df06bd552bb8b6e14fa0cfd5ad986c6e9525 (git)
  • From 6.6.64 before 6.6.140 (semver)
Vendor
Linux Kernel Organization, Inc (Linux)
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • drivers/infiniband/hw/mlx5/main.c
Default Status
affected
Versions
Affected
  • 6.11
Unaffected
  • From 0 before 6.11 (semver)
  • From 6.6.140 through 6.6.* (semver)
  • From 6.12.88 through 6.12.* (semver)
  • From 6.18.30 through 6.18.* (semver)
  • From 7.0.7 through 7.0.* (semver)
  • From 7.1 through * (original_commit_for_fix)
Metrics
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
Hyperlink: https://git.kernel.org/stable/c/a13c2ac4d480b734342c6fbf8249fc48afd675f3
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/bc2cf5935b4665172235341163315905197ae91d
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/b087913ae88256df66620f7ba0a9776716aeef7e
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/6fd93142dd1d09000c3750af08270f5792523fe9
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/c488df06bd552bb8b6e14fa0cfd5ad986c6e9525
Resource: N/A
▼ Authorized Data Publishers (ADP)
kernel: RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init()

A flaw was found in the Linux kernel's RDMA/mlx5 component. An error path fall-through in the `mlx5_ib_dev_res_srq_init()` function, specifically when `ib_create_srq()` fails, can lead to the use of freed memory and error pointers. This memory corruption vulnerability could result in system instability, denial of service, or potentially arbitrary code execution.

Affected Products
Vendor: Red Hat, Inc. (Red Hat)
Product | CPE | Default Status
  • Red Hat Enterprise Linux AppStream EUS (v. 10.0) | cpe:/o:redhat:enterprise_linux_eus:10.0 | affected
  • Red Hat Enterprise Linux AppStream (v. 10) | cpe:/o:redhat:enterprise_linux:10.2 | affected
  • Red Hat Enterprise Linux AppStream EUS (v.9.6) | cpe:/a:redhat:rhel_eus:9.6::appstream | affected
  • Red Hat Enterprise Linux AppStream (v. 9) | cpe:/a:redhat:enterprise_linux:9::appstream | affected
  • Red Hat Enterprise Linux BaseOS EUS (v. 10.0) | cpe:/o:redhat:enterprise_linux_eus:10.0 | affected
  • Red Hat Enterprise Linux BaseOS (v. 10) | cpe:/o:redhat:enterprise_linux:10.2 | affected
  • Red Hat Enterprise Linux BaseOS EUS (v.9.6) | cpe:/o:redhat:rhel_eus:9.6::baseos | affected
  • Red Hat Enterprise Linux BaseOS (v. 9) | cpe:/o:redhat:enterprise_linux:9::baseos | affected
  • Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0) | cpe:/o:redhat:enterprise_linux_eus:10.0 | affected
  • Red Hat Enterprise Linux CodeReady Linux Builder (v. 10) | cpe:/o:redhat:enterprise_linux:10.2 | affected
  • Red Hat CodeReady Linux Builder EUS (v.9.6) | cpe:/a:redhat:rhel_eus:9.6::crb | affected
  • Red Hat Enterprise Linux CodeReady Linux Builder (v. 9) | cpe:/a:redhat:enterprise_linux:9::crb | affected
  • Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0) | cpe:/o:redhat:enterprise_linux_eus:10.0 | affected
  • Red Hat Enterprise Linux Real Time for NFV (v. 10) | cpe:/o:redhat:enterprise_linux:10.2 | affected
  • Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6) | cpe:/a:redhat:rhel_eus:9.6::nfv | affected
  • Red Hat Enterprise Linux Real Time for NFV (v. 9) | cpe:/a:redhat:enterprise_linux:9::nfv | affected
  • Red Hat Enterprise Linux Real Time EUS (v. 10.0) | cpe:/o:redhat:enterprise_linux_eus:10.0 | affected
  • Red Hat Enterprise Linux Real Time (v. 10) | cpe:/o:redhat:enterprise_linux:10.2 | affected
  • Red Hat Enterprise Linux Real Time EUS (v.9.6) | cpe:/a:redhat:rhel_eus:9.6::realtime | affected
  • Red Hat Enterprise Linux Real Time (v. 9) | cpe:/a:redhat:enterprise_linux:9::realtime | affected
  • Red Hat Enterprise Linux 9 | cpe:/o:redhat:enterprise_linux:9 | affected
  • Red Hat Enterprise Linux 7 | cpe:/o:redhat:enterprise_linux:7 | unaffected
  • Red Hat Enterprise Linux 8 | cpe:/o:redhat:enterprise_linux:8 | unaffected
  • Red Hat Enterprise Linux 6 | cpe:/o:redhat:enterprise_linux:6 | unknown
Problem Types
Type: CWE
CWE ID: CWE-825
Description: Expired Pointer Dereference
Metrics
Version: 3.1
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Red Hat severity rating
value:
Important
namespace:
https://access.redhat.com/security/updates/classification/
Solutions

RHSA-2026:33215: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0), Red Hat Enterprise Linux Real Time EUS (v. 10.0), Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)

RHSA-2026:33685: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)

RHSA-2026:34094: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6), Red Hat Enterprise Linux Real Time EUS (v.9.6), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)

RHSA-2026:30848: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)

Timeline
Event: Reported to Red Hat.
Date: 2026-05-28 00:00:00
Event: Made public.
Date: 2026-05-28 00:00:00
References
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-46176
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2482594
Resource:
issue-tracking
x_refsource_REDHAT
Hyperlink: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46176.json
Resource:
x_sadp-csaf-vex
Hyperlink: https://access.redhat.com/errata/RHSA-2026:33215
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:33685
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:34094
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:30848
Resource:
vendor-advisory
x_refsource_REDHAT