Description
Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally.
Published: 2026-06-09
Score: 8.2 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a use‑after‑free in Microsoft’s Linux kernel MANA network driver. An attacker who has local access can trigger the flaw and gain elevated privileges, enabling the execution of arbitrary code as root. The flaw is classified as CWE‑416: Use After Free.

Affected Systems

Microsoft’s Linux kernel MANA network driver is affected. The advisory does not list specific affected versions, so any deployment of the driver may be vulnerable until an official patch is released.

Risk and Exploitability

The CVSS score of 8.2 indicates high severity. EPSS information is not available and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a local authorized attacker who can interact with the driver; remote exploitation is not indicated. Exploitation would allow complete compromise of the host system by granting root privileges.

Generated by OpenCVE AI on June 9, 2026 at 19:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Microsoft security update for the MANA network driver
  • Disable or remove the MANA driver temporarily until a patch is available
  • Limit local account privileges to reduce the attack surface

Generated by OpenCVE AI on June 9, 2026 at 19:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft linux Kernel - Microsoft Mana Network Driver
Vendors & Products Microsoft linux Kernel - Microsoft Mana Network Driver
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally.
Title Microsoft Azure Network Adapter Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft linux Kernel Mana Network Driver
Weaknesses CWE-416
CPEs cpe:2.3:a:microsoft:linux_kernel_mana_network_driver:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft linux Kernel Mana Network Driver
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Linux Kernel - Microsoft Mana Network Driver Linux Kernel Mana Network Driver
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-10T10:20:09.003Z

Reserved: 2026-05-12T16:06:43.100Z

Link: CVE-2026-45476

cve-icon Vulnrichment

Updated: 2026-06-10T10:20:03.789Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T17:17:22.140

Modified: 2026-06-09T19:32:51.440

Link: CVE-2026-45476

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T11:22:26Z

Weaknesses