CVE-2026-43120

HIGH EPSS 2.4%
Published May 6, 20261mo ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published May 6, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix double free related to rereg_user_mr If IB_MR_REREG_TRANS is set during rereg_user_mr, the umem will be released and a new one will be allocated in irdma_rereg_mr_trans. If any step of irdma_rereg_mr_trans fails after the new umem is allocated, it releases the umem, but does not set iwmr->region to NULL. The problem is that this failure is propagated to the user, who will then call ibv_dereg_mr (as they should). Then, the dereg_mr path will see a non-NULL umem and attempt to call ib_umem_release again. Fix this by setting iwmr->region to NULL after ib_umem_release. Fixed: 5ac388db27c4 ("RDMA/irdma: Add support to re-register a memory region")

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
2.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-415

Affected Products 9

VendorProductVersionRange
linuxlinux_kernel*≥6.6.120  –  <6.6.136
linuxlinux_kernel*≥6.7  –  <6.12.83
linuxlinux_kernel*≥6.13  –  <6.18.24
linuxlinux_kernel*≥6.19  –  <6.19.14
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/0c5d70bcb9d2275a1c8515a924016fcfeb4ab441
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0f22c32141acdcda266b26cab2b830baf870f3e0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/29a3edd7004bb635d299fb9bc6f0ea4ef13ed5a2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/62298a48f8b8788ad8b8464e6ffdf1ddebd2217e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/66964118f1f50ed85001c8fc9f7ab5bbdd021ee0
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0c5d70bcb9d2275a1c8515a924016fcfeb4ab441
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0f22c32141acdcda266b26cab2b830baf870f3e0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/29a3edd7004bb635d299fb9bc6f0ea4ef13ed5a2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/62298a48f8b8788ad8b8464e6ffdf1ddebd2217e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/66964118f1f50ed85001c8fc9f7ab5bbdd021ee0
    Patch