CVE-2026-46189 - Vulnerability Details

Description

In the Linux kernel, the following vulnerability has been resolved:

RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path

Sashiko points out that pvrdma_uar_free() is already called within
pvrdma_dealloc_ucontext(), so calling it before triggers a double free.

Published: 2026-05-28

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is a double free in the Linux kernel’s RDMA/pvrdma driver, triggered when pvrdma_uar_free() is called twice on the same context. This double free can corrupt kernel memory, potentially causing a kernel panic or creating a vector for privilege escalation if the freed memory is reused maliciously. The description does not list a specific exploitation chain, but kernel memory corruption can lead to system instability or arbitrary code execution when combined with other weaknesses.

Affected Systems

All Linux kernel versions before the inclusion of the fix commit are affected. The flaw resides within the core linux kernel’s RDMA/pvrdma driver, which is part of the standard kernel distribution.

Risk and Exploitability

The double free is a kernel-level memory corruption issue. An attacker who can trigger the error path—most likely through crafted RDMA traffic or via a local privileged user—could cause a denial of service by crashing the kernel. While the current description does not provide a detailed exploit chain, double frees can be leveraged for privilege escalation if coupled with further vulnerabilities. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, so the likelihood of spontaneous exploitation in the wild is unclear, but a kernel crash remains a significant risk once an attacker reaches the affected code path.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1`	affected	< ecc36a82ecfcfdf3c6606d209f22ec5543c410e0
`29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1`	affected	< 45d25e3ec17900bf5a9d6876ff16ceee31c4c0e0
`29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1`	affected	< 0c63333ff97bd1275294fd12840a0efe9d7a4c59
`29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1`	affected	< 935ee27d0904aa944cbcc979094c20e5ef62eead
`29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1`	affected	< e38e86995df27f1f854063dab1f0c6a513db3faf

Linux

affected

Version	Status	Constraints
`4.10`	affected	—
`0`	unaffected	< 4.10
`6.6.140`	unaffected	≤ 6.6.*
`6.12.88`	unaffected	≤ 6.12.*
`6.18.30`	unaffected	≤ 6.18.*
`7.0.7`	unaffected	≤ 7.0.*
`7.1-rc3`	unaffected	≤ *

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Linux kernel to a version that contains the patch from commit 0c63333ff97bd1275294fd12840a0efe9d7a4c59, or apply the corresponding backport if using an older distribution.
If an immediate upgrade is not possible, disable the RDMA/pvrdma driver or block RDMA traffic to prevent accidental activation of the vulnerable code path.
Regularly review kernel release notes and security advisories to ensure the fix is applied before the kernel is deployed in production environments.

Generated by OpenCVE AI on May 28, 2026 at 12:00 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0c63333ff97bd1275294fd12840a0efe9d7a4c59
https://git.kernel.org/stable/c/45d25e3ec17900bf5a9d6876ff16ceee31c4c0e0
https://git.kernel.org/stable/c/935ee27d0904aa944cbcc979094c20e5ef62eead
https://git.kernel.org/stable/c/e38e86995df27f1f854063dab1f0c6a513db3faf
https://git.kernel.org/stable/c/ecc36a82ecfcfdf3c6606d209f22ec5543c410e0

History

Thu, 28 May 2026 10:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path Sashiko points out that pvrdma_uar_free() is already called within pvrdma_dealloc_ucontext(), so calling it before triggers a double free.
Title		RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0c63333ff97bd1275294fd12840a0efe9d7a4c59 https://git.kernel.org/stable/c/45d25e3ec17900bf5a9d6876ff16ceee31c4c0e0 https://git.kernel.org/stable/c/935ee27d0904aa944cbcc979094c20e5ef62eead https://git.kernel.org/stable/c/e38e86995df27f1f854063dab1f0c6a513db3faf https://git.kernel.org/stable/c/ecc36a82ecfcfdf3c6606d209f22ec5543c410e0

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-28T09:36:43.205Z

Updated: 2026-05-28T09:36:43.205Z

Reserved: 2026-05-13T15:03:33.104Z

Link: CVE-2026-46189

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-28T10:16:34.540

Modified: 2026-05-28T10:16:34.540

Link: CVE-2026-46189

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-28T12:15:21Z

Weaknesses

No weakness.

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object