CVE-2026-45910 Linux CVE debrief

Who should care

Linux kernel maintainers, organizations running Soft-RoCE (rxe) for RDMA over Ethernet, cloud providers offering RDMA services, and security teams monitoring kernel stability

Technical summary

The RDMA/rxe (Soft-RoCE) driver in the Linux kernel contains a race condition between QP timer handlers and QP destruction. When retransmit_timer() executes concurrently with rxe_destroy_qp(), the QP reference count can reach zero during timer execution, triggering WARN_ON assertions and refcount_t underflow warnings. The fix adds proper reference count management (rxe_get/rxe_put) within timer callbacks to ensure the QP remains valid throughout handler execution.

Defensive priority

medium

Recommended defensive actions

• Apply kernel updates containing the referenced stable commits when available for your distribution
• Monitor kernel logs for WARN_ON messages related to rxe_sched_task or refcount_t underflow in RDMA/rxe operations
• If running Soft-RoCE (rxe) on affected kernels, consider scheduling maintenance windows for kernel updates
• Review custom kernel builds using RDMA/rxe for inclusion of the referenced fixes

Evidence notes

The vulnerability is documented through kernel warning traces showing the race condition between CPU0 executing retransmit_timer() and CPU1 executing rxe_destroy_qp(). The fix involves adding proper reference count management in timer handlers. Multiple stable kernel commits are referenced indicating backports to various kernel versions.

Official resources