The vulnerability lies in the RDMA mana driver, specifically during queue pair creation where the error handling code does not fully unwind allocated resources. This oversight means the configuration object created by mana_ib_cfg_vport_steering() remains in memory after a failed operation, causing a persistent memory leak. Repeated failures would gradually consume kernel memory, potentially triggering an out‑of‑memory condition and leading to a system halt or restart, effectively denying availability of the kernel services.

All Linux kernel variants that include the RDMA/mana subsystem without the patches referenced in the provided Git commits are affected. No vendor or version range is explicitly enumerated in the data; the flaw is present in the upstream kernel code prior to the inclusion of the fix. Administrators should verify whether the kernel image in use contains the cited commits or a later version that incorporates them.

The CVSS score of 5.5 indicates a moderate severity, while the EPSS score of <1% reflects a very low likelihood of exploitation and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local – the flaw requires a user or process to invoke RDMA mana operations that trigger the faulty create path. Based on the description, this is inferred rather than explicitly stated. Although exploitation would need local privilege to exercise the leak repeatedly, the risk remains moderate until the kernel is updated to a version that includes the fix, at which point the condition becomes mitigated.