The Linux kernel’s RDMA/irdma module performs queue depth calculations using 32‑bit arithmetic. When a user supplies the maximum 32‑bit unsigned value (U32_MAX) for send, receive, or shared receive queues, the computation overflows, truncating the depth and allowing the kernel to report success even though the allocation should have failed. The result is an inaccurate queue depth that can cause resource exhaustion or kernel instability, potentially leading to a denial of service.

All Linux kernel builds that include the RDMA/irdma module and have not yet applied the hardening change are affected. No specific kernel version range is listed, so any RDMA/irdma‑enabled kernel revision released before the patch may be vulnerable. The vendor is Linux and the product is the Linux kernel.

An attacker must supply an RDMA request with an oversized depth value to trigger the overflow. The likely attack vector is local or from an RDMA application with elevated privileges, as the vulnerability requires an RDMA operation in kernel space; it is inferred that a network‑based vector is not supported by the description. The EPSS score of less than 1 % and the lack of inclusion in CISA’s KEV catalog imply a low probability of exploitation in the wild. Based on the CVSS score of 5.5, the vulnerability can cause moderate impact if exploited, but the overall risk is considered low unless the attacker has RDMA access.