Description
In the Linux kernel, the following vulnerability has been resolved:

RDMA/mana: Validate rx_hash_key_len

Sashiko points out that rx_hash_key_len comes from a uAPI structure and is
blindly passed to memcpy, allowing the userspace to trash kernel
memory. Bounds check it so the memcpy cannot overflow.
Published: 2026-05-28
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw in the Linux kernel’s RDMA/mana subsystem stems from the length field rx_hash_key_len, which comes from a userspace API (uAPI) structure and is never validated. That length is passed directly to memcpy without a bounds check, so a userspace application can supply an oversized value and make the kernel copy data beyond the intended buffer. The resulting memory corruption can enable arbitrary kernel memory writes, potentially allowing an attacker to execute code with kernel privileges or crash the system.
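The following is an added illustration of the bug class the advisory describes, written for this page rather than taken from the kernel driver: a user-supplied length chosen by userspace drives memcpy into a fixed kernel buffer, beside the bounds-checked form the fix introduces. Only the field name rx_hash_key_len comes from the advisory; the structure names, the 40-byte buffer size and the helper names are assumptions made for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example (not the driver's code): the shape the advisory
 * describes, a length field in a user-supplied structure that selects how
 * many bytes are copied into a fixed kernel buffer. Only rx_hash_key_len is
 * taken from the advisory; every other name and size here is an assumption. */
#define HASH_KEY_MAX 40   /* assumed capacity of the kernel-side key buffer */

struct user_rss_config {          /* stands in for the uAPI structure */
    uint32_t rx_hash_key_len;     /* fully controlled by userspace */
    uint8_t  rx_hash_key[64];     /* key bytes supplied alongside it */
};

struct kernel_rss_state {         /* assumed kernel-side destination */
    uint8_t  hash_key[HASH_KEY_MAX];
    uint32_t hash_key_len;
};

/* Pattern described by the advisory: the user-controlled length is handed to
 * memcpy as-is, so any value above HASH_KEY_MAX writes past hash_key into
 * whatever follows it in memory. Shown for contrast only; it must never be
 * reached with an unvalidated length. */
static void set_rss_key_unchecked(struct kernel_rss_state *st,
                                  const struct user_rss_config *cfg)
{
    memcpy(st->hash_key, cfg->rx_hash_key, cfg->rx_hash_key_len);
    st->hash_key_len = cfg->rx_hash_key_len;
}

/* Hardened form: refuse any length the destination cannot hold before any
 * memory is touched, and leave the state unchanged on rejection. -EINVAL is
 * the usual way a kernel uAPI handler reports a malformed request. */
static int set_rss_key_checked(struct kernel_rss_state *st,
                               const struct user_rss_config *cfg)
{
    if (cfg->rx_hash_key_len > sizeof(st->hash_key))
        return -EINVAL;
    memcpy(st->hash_key, cfg->rx_hash_key, cfg->rx_hash_key_len);
    st->hash_key_len = cfg->rx_hash_key_len;
    return 0;
}

int main(void)
{
    struct kernel_rss_state st = {0};
    struct user_rss_config ok = { .rx_hash_key_len = 16 };     /* in bounds */
    struct user_rss_config bad = { .rx_hash_key_len = 4096 };  /* oversized */

    /* The unchecked variant is only ever exercised with an in-bounds length. */
    set_rss_key_unchecked(&st, &ok);
    printf("checked, len 16   -> %d\n", set_rss_key_checked(&st, &ok));
    printf("checked, len 4096 -> %d (rejected with -EINVAL)\n",
           set_rss_key_checked(&st, &bad));
    return 0;
}
```

The check compares against the size of the destination, which is the invariant memcpy needs; the source array is irrelevant to whether the copy overflows the kernel buffer. Rejecting before the copy, rather than clamping the length silently, also keeps a malformed request visible to the caller.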

Affected Systems

All Linux kernel builds that contain the RDMA/mana module without the validation patch are vulnerable. No specific version numbers are listed, so any kernel before the patch that added the bounds check is at risk.

Risk and Exploitability

The vulnerability can be triggered by a local or privileged userspace process that interacts with the RDMA/mana interface, which makes it feasible for an attacker to supply a crafted length value. Successful exploitation would likely result in privilege escalation or denial of service. The CVSS score of 7.8 indicates high severity, while the EPSS score of < 1% shows a low current probability of exploitation. The issue is not listed in the CISA KEV catalog, but the missing bounds check makes it a high-severity issue in affected kernel environments.

Generated by OpenCVE AI on June 10, 2026 at 22:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch that validates rx_hash_key_len before calling memcpy.
  • Upgrade the system to a kernel version that includes the validation change.
  • Restrict RDMA/mana API access by configuring udev rules or capabilities so that only trusted users or processes can invoke the interface.
  • As a temporary precaution, disable RDMA functionality or isolate RDMA devices from untrusted workloads, if feasible.

Generated by OpenCVE AI on June 10, 2026 at 22:32 UTC.


Advisories

No advisories yet.

History

Each entry lists the fields that changed; where a value was replaced, the old value is shown before the arrow and the new value after it.

Wed, 10 Jun 2026 21:30:00 +0000
  Weaknesses: NVD-CWE-noinfo
  CPEs: cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*
        cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*

Sat, 30 May 2026 11:00:00 +0000
  Metrics: cvssV3_1 {'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}
           -> {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Fri, 29 May 2026 03:30:00 +0000
  Weaknesses: CWE-120

Fri, 29 May 2026 00:15:00 +0000
  Weaknesses: CWE-787
  References: updated
  Metrics: threat_severity None -> Important
           cvssV3_1 {'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Thu, 28 May 2026 12:00:00 +0000
  Weaknesses: CWE-120

Thu, 28 May 2026 10:15:00 +0000
  Description: In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rx_hash_key_len Sashiko points out that rx_hash_key_len comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to trash kernel memory. Bounds check it so the memcpy cannot overflow.
  Title: RDMA/mana: Validate rx_hash_key_len
  First Time appeared: Linux; Linux linux Kernel
  CPEs: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Vendors & Products: Linux; Linux linux Kernel
  References: updated

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T17:57:54.214Z

Reserved: 2026-05-13T15:03:33.100Z

Link: CVE-2026-46145

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-28T10:16:30.110

Modified: 2026-06-10T21:17:56.673

Link: CVE-2026-46145

Redhat

Severity: Important

Public Date: 2026-05-28T00:00:00Z

Links: CVE-2026-46145 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-10T22:45:27Z

Weaknesses