Description
In the Linux kernel, the following vulnerability has been resolved:

RDMA/core: Validate the passed in fops for ib_get_ucaps()

Sashiko pointed out it is not safe to rely only on the devt because
char/block alias so if the user finds a block device with the same dev_t
it can masquerade as a ucap cdev fd.

Test the f_ops to only accept authentic cdevs.
Published: 2026-06-25
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel’s ib_get_ucaps() function validates the file operations passed to it only by checking the device type identifier. This approach allows a user with the ability to create a block device to craft a device that shares the same dev_t as the expected character device. When the kernel then treats this block device as an RDMA user capabilities device, it may invoke kernel operations on an unintended device, leading to unauthorized use of RDMA interfaces. The impact is that an attacker could gain unapproved access to RDMA capabilities, potentially affecting confidentiality and integrity of data transmitted through RDMA channels.

Affected Systems

The flaw exists in all Linux kernels that include the RDMA core subsystem and that have not yet been updated to the patch that adds proper fops validation. No specific kernel version range is listed in the advisory, so any kernel derived from the affected branch and still using the unpatched ib_get_ucaps() can be impacted.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity, while the EPSS score of <1% suggests a low probability of exploitation at this time. Because the fault requires a local user to craft a block device that impersonates the RDMA character device, the attack vector is local. The vulnerability is not currently listed in the CISA KEV catalog, so no large‑scale exploitation has been observed yet. Nevertheless, the combination of high impact and the possibility of local exploitation warrants prompt attention, especially on systems where RDMA is enabled and the kernel version is known or unknown to be fixed.

Generated by OpenCVE AI on June 28, 2026 at 14:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Linux kernel that incorporates the fops validation fix for ib_get_ucaps()
  • If an immediate kernel update is not feasible, disable the RDMA subsystem or unload the ib_core modules until the patched kernel is available
  • Monitor system logs for creation of block devices that could masquerade as RDMA character devices and investigate any suspicious activity

Generated by OpenCVE AI on June 28, 2026 at 14:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


Fri, 26 Jun 2026 14:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-285

Fri, 26 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-351
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Thu, 25 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-285

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Validate the passed in fops for ib_get_ucaps() Sashiko pointed out it is not safe to rely only on the devt because char/block alias so if the user finds a block device with the same dev_t it can masquerade as a ucap cdev fd. Test the f_ops to only accept authentic cdevs.
Title RDMA/core: Validate the passed in fops for ib_get_ucaps()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-28T06:40:04.206Z

Reserved: 2026-06-09T07:44:35.390Z

Link: CVE-2026-53188

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-53188 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-28T14:30:07Z

Weaknesses
  • CWE-351

    Insufficient Type Distinction