The vulnerability occurs in the RDMA mana driver when creating a queue pair service request and the error handling path fails to unwind resources correctly. This omission allows the internal configuration object mana_ib_cfg_vport_steering() to remain allocated after a failed creation, which can accumulate over time. The accumulation of leaked allocations in kernel memory can trigger a memory pressure event or out‑of‑memory condition, causing a system halt or restart, effectively denying availability of the kernel services. The weakness is a classic memory‑leak type flaw.

The flaw is present in all Linux kernel versions that include the RDMA/mana subsystem without the patch from the referenced Git commits. Because the kernel is a common component across many distributions, any affected installation that utilizes RDMA mana may be impacted, regardless of the vendor’s vendor specific name or version. The specific affected range is not enumerated, but the references point to a patch submitted to the upstream kernel. Administrators should verify whether their kernel image incorporates those commits.

The exploit requires local privileges to trigger RDMA mana operations that lead to the faulty create path, so the attack vector is local. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, indicating that it is not a known actively exploited vulnerability. However, the impact of an eventual out‑of‑memory condition can be catastrophic if the flaw is exercised repeatedly without remediation. Because the bug resides in kernel code, exploitation would involve a privileged or compromised user environment. The risk remains moderate until the patch is applied, at which point it becomes negligible.