CVE-2026-46117 Linux CVE debrief

Who should care

Organizations running Linux systems with Microsoft Azure Network Adapter (MANA) RDMA hardware, cloud providers offering RDMA-enabled instances, and enterprises using high-performance computing workloads that rely on kernel RDMA subsystems.

Technical summary

The RDMA/mana driver in the Linux kernel contained a vulnerability in mana_ib_create_qp_rss() where user-space could specify Work Queues sharing the same Completion Queue. This configuration triggered a WARN_ON() assertion that, rather than halting execution, was followed by code that corrupted kernel memory. The vulnerability is user-triggerable through the RDMA uAPI. The resolution removes the WARN_ON() and replaces it with proper validation that rejects the invalid QP configuration, preventing the corruption path.

Defensive priority

medium

Recommended defensive actions

• Apply kernel updates containing the fix commits for affected stable branches
• Review systems using Microsoft Azure Network Adapter (MANA) RDMA functionality for kernel stability issues
• Monitor kernel logs for QP creation failures in RDMA/mana after patching
• Validate RDMA application configurations avoid WQ/CQ sharing patterns that previously triggered this condition

Evidence notes

The vulnerability description indicates this was a user-triggerable kernel corruption path in RDMA/mana driver QP creation. The fix commit removes the WARN_ON() and adds proper validation to reject invalid WQ/CQ configurations. Multiple stable kernel branches received backports.

Official resources