{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23289", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.992Z", "datePublished": "2026-03-25T10:26:48.207Z", "dateUpdated": "2026-03-25T10:26:48.207Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:26:48.207Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq()\n\nFix a user triggerable leak on the system call failure path."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/hw/mthca/mthca_provider.c"], "versions": [{"version": "ec34a922d243c3401a694450734e9effb2bafbfe", "lessThan": "f67f1ad4029e9fa183141546de31987b254c9292", "status": "affected", "versionType": "git"}, {"version": "ec34a922d243c3401a694450734e9effb2bafbfe", "lessThan": "d0148965dbca8cc8efa7e3d6e99940487bf661c0", "status": "affected", "versionType": "git"}, {"version": "ec34a922d243c3401a694450734e9effb2bafbfe", "lessThan": "da8eaa73bc37d004350ba68eb18b6ade8e49db52", "status": "affected", "versionType": "git"}, {"version": "ec34a922d243c3401a694450734e9effb2bafbfe", "lessThan": "deee46b37ebd8cc5ff810127883fca90f2412a7b", "status": "affected", "versionType": "git"}, {"version": "ec34a922d243c3401a694450734e9effb2bafbfe", "lessThan": "972b72d7e2d8fe1400f1c7a8304c282c539b7e02", "status": "affected", "versionType": "git"}, {"version": "ec34a922d243c3401a694450734e9effb2bafbfe", "lessThan": "117942ca43e2e3c3d121faae530989931b7f67e1", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/hw/mthca/mthca_provider.c"], "versions": [{"version": "2.6.14", "status": "affected"}, {"version": "0", "lessThan": "2.6.14", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.14", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.14", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.14", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.14", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.14", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.14", "versionEndExcluding": "7.0-rc2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/f67f1ad4029e9fa183141546de31987b254c9292"}, {"url": "https://git.kernel.org/stable/c/d0148965dbca8cc8efa7e3d6e99940487bf661c0"}, {"url": "https://git.kernel.org/stable/c/da8eaa73bc37d004350ba68eb18b6ade8e49db52"}, {"url": "https://git.kernel.org/stable/c/deee46b37ebd8cc5ff810127883fca90f2412a7b"}, {"url": "https://git.kernel.org/stable/c/972b72d7e2d8fe1400f1c7a8304c282c539b7e02"}, {"url": "https://git.kernel.org/stable/c/117942ca43e2e3c3d121faae530989931b7f67e1"}], "title": "IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq()\n\nFix a user triggerable leak on the system call failure path."}], "id": "CVE-2026-23289", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:23.887", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/117942ca43e2e3c3d121faae530989931b7f67e1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/972b72d7e2d8fe1400f1c7a8304c282c539b7e02"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d0148965dbca8cc8efa7e3d6e99940487bf661c0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/da8eaa73bc37d004350ba68eb18b6ade8e49db52"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/deee46b37ebd8cc5ff810127883fca90f2412a7b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f67f1ad4029e9fa183141546de31987b254c9292"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq()", "id": "2451253", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451253"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-772", "details": ["A flaw was found in the Linux kernel's IB/mthca component. A local user could exploit this vulnerability by triggering a system call failure path related to the `mthca_create_srq()` function. This oversight leads to a missed unmapping of user database resources, resulting in a resource leak."], "name": "CVE-2026-23289", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23289\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23289\nhttps://lore.kernel.org/linux-cve-announce/2026032524-CVE-2026-23289-aa54@gregkh/T"], "threat_severity": "Low"}

{"analysis": {"en": {"generated_at": "2026-03-25T12:05:34.445500+00:00", "value": {"mitigation_remediation": ["Apply a kernel update that incorporates the mthca_unmap_user_db fix as shown in the referenced commit logs.", "Confirm the running kernel contains the relevant commit (e.g., by grepping the local version log or vendor\u2011provided version string).", "Restart any services or drivers that use the IB/mthca device to load the updated driver."], "summary": {"action": "Patch", "impact": "Information Disclosure via Memory Leak"}, "threat_synthesis": {"affected_systems": "All Linux kernel releases that ship the IB/mthca Infiniband driver and do not yet incorporate the commit adding mthca_unmap_user_db() are vulnerable. The exact version range depends on the inclusion of the missing unmap call; systems built from kernel sources before the commits referenced (e.g., 117942ca and related revisions) are at risk. Administrators should verify that their running kernel includes these commits or is later than the affected series.", "description_and_impact": "The IB/mthca driver in the Linux kernel contained a flaw where, if an attempt to create a shared receive queue (SRQ) failed, the driver omitted a cleanup call that unmapped the user database. This omission caused kernel memory to remain mapped to user space, allowing an attacker to read otherwise protected kernel data. The flaw facilitates an information\u2011disclosure attack and corresponds with the CWE-200 weakness. The affected data could include process tables, configuration information, or cryptographic material stored in memory.", "risk_and_exploitability": "This issue is a local, user\u2011triggered leak that does not confer privilege escalation, so the severity is moderate. The CVSS score is not provided, and the EPSS rating is unavailable; the vulnerability is not listed in CISA\u2019s KEV catalog, indicating no known public exploits as of now. Exploitation requires a local user to invoke the SRQ creation system call and observe the failure path, typically by supplying invalid parameters or provoking a resource limitation. Updating the kernel to a build that includes the missing cleanup eliminates the risk."}}}}, "created": "2026-03-25T21:15:41.313928+00:00", "updated": "2026-03-25T21:15:41.313971+00:00", "vendors": [], "weaknesses": ["CWE-200"]}