{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-46117", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.098Z", "datePublished": "2026-05-28T09:35:32.344Z", "dateUpdated": "2026-05-30T10:47:54.951Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-30T10:47:54.951Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss()\n\nSashiko points out that the user can specify WQs sharing the same CQ as a\npart of the uAPI and this will trigger the WARN_ON() then go on to corrupt\nthe kernel.\n\nJust reject it outright and fail the QP creation."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH"}}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/hw/mana/cq.c"], "versions": [{"version": "c15d7802a42402a87880a17eee89ff023e49ecc0", "lessThan": "9cc0c6b1ba8cd5c55aef043e1384de0a8b4efa71", "status": "affected", "versionType": "git"}, {"version": "c15d7802a42402a87880a17eee89ff023e49ecc0", "lessThan": "9ef65af26b2a6738bf15812042e84b3112402d3a", "status": "affected", "versionType": "git"}, {"version": "c15d7802a42402a87880a17eee89ff023e49ecc0", "lessThan": "db991ba50087ad99fa12a2c483aa3be19671ea73", "status": "affected", "versionType": "git"}, {"version": "c15d7802a42402a87880a17eee89ff023e49ecc0", "lessThan": "159f2efabc89d3f931d38f2d35876535d4abf0a3", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/hw/mana/cq.c"], "versions": [{"version": "6.8", "status": "affected"}, {"version": "0", "lessThan": "6.8", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.91", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.30", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.7", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1-rc3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.12.91"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.18.30"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "7.0.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "7.1-rc3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/9cc0c6b1ba8cd5c55aef043e1384de0a8b4efa71"}, {"url": "https://git.kernel.org/stable/c/9ef65af26b2a6738bf15812042e84b3112402d3a"}, {"url": "https://git.kernel.org/stable/c/db991ba50087ad99fa12a2c483aa3be19671ea73"}, {"url": "https://git.kernel.org/stable/c/159f2efabc89d3f931d38f2d35876535d4abf0a3"}], "title": "RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss()\n\nSashiko points out that the user can specify WQs sharing the same CQ as a\npart of the uAPI and this will trigger the WARN_ON() then go on to corrupt\nthe kernel.\n\nJust reject it outright and fail the QP creation."}], "id": "CVE-2026-46117", "lastModified": "2026-05-30T11:17:22.350", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "type": "Secondary"}]}, "published": "2026-05-28T10:16:27.203", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/159f2efabc89d3f931d38f2d35876535d4abf0a3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9cc0c6b1ba8cd5c55aef043e1384de0a8b4efa71"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9ef65af26b2a6738bf15812042e84b3112402d3a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/db991ba50087ad99fa12a2c483aa3be19671ea73"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss()", "id": "2482576", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482576"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-1288", "details": ["A flaw was found in the Linux kernel's RDMA/mana component. A local user could trigger a kernel corruption by providing specific configurations through the user Application Programming Interface (uAPI) that cause an internal error. This issue arises when Work Queues (WQs) are specified to share the same Completion Queue (CQ), leading to an unstable system state."], "name": "CVE-2026-46117", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-05-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-46117\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-46117\nhttps://lore.kernel.org/linux-cve-announce/2026052814-CVE-2026-46117-a93b@gregkh/T"], "threat_severity": "Important"}