Description
In the Linux kernel, the following vulnerability has been resolved:

RDMA/mana: Validate rx_hash_key_len

Sashiko points out that rx_hash_key_len comes from a uAPI structure and is
blindly passed to memcpy, allowing the userspace to trash kernel
memory. Bounds check it so the memcpy cannot overflow.
Published: 2026-05-28
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw in the Linux kernel’s RDMA/mana subsystem originates from the unchecked length field rx_hash_key_len that originates from a userspace API structure. That length is passed directly into a memcpy call without bounds verification, allowing a userspace application to provide an oversized value and cause the kernel to copy data beyond the intended buffer. This memory corruption can enable arbitrary kernel memory writes, potentially allowing an attacker to execute code with kernel privileges or crash the system.

Affected Systems

All Linux kernel builds that contain the RDMA/mana module without the validation patch are vulnerable. No specific version numbers are listed, so any kernel before the patch that added the bounds check is at risk.

Risk and Exploitability

The vulnerability can be triggered by a local or privileged userspace process that interacts with the RDMA/mana interface, making it feasible for an attacker to deliver a crafted length value. Successful exploitation would likely result in privilege escalation or denial of service. No EPSS score is available, the issue is not listed in the CISA KEV catalog, and the lack of bounds checking signifies a high severity within affected kernel environments.

Generated by OpenCVE AI on May 28, 2026 at 11:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch that validates rx_hash_key_len before calling memcpy.
  • Upgrade the system to a kernel version that includes the validation change.
  • Restrict RDMA/mana API access by configuring udev rules or capabilities so that only trusted users or processes can invoke the interface.
  • As a temporary precaution, disable RDMA functionality or isolate RDMA devices from untrusted workloads, if feasible.

Generated by OpenCVE AI on May 28, 2026 at 11:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 28 May 2026 12:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rx_hash_key_len Sashiko points out that rx_hash_key_len comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to trash kernel memory. Bounds check it so the memcpy cannot overflow.
Title RDMA/mana: Validate rx_hash_key_len
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-28T09:36:01.805Z

Reserved: 2026-05-13T15:03:33.100Z

Link: CVE-2026-46145

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-28T10:16:30.110

Modified: 2026-05-28T13:44:01.663

Link: CVE-2026-46145

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T13:00:19Z

Weaknesses