CVE-2026-46126 Linux CVE debrief

Who should care

Organizations running Linux systems with Microsoft Azure Network Adapter (MANA) RDMA hardware, cloud providers offering RDMA-enabled instances, and kernel maintainers backporting stable fixes.

Technical summary

The vulnerability exists in the RDMA/mana driver's `mana_ib_create_qp_rss()` function, which creates queue pairs with RSS support. The error unwind logic contains two bugs: (1) a double decrement of index variable `i` on the first failure path due to both a while loop decrement and an explicit `i--`, and (2) failure to undo `mana_create_wq_obj()` when `mana_ib_install_cq_cb()` fails because of the incorrect `i--` placement. These bugs can result in improper cleanup of Work Queue objects, potentially leading to resource leaks or inconsistent state. The fix removes the erroneous `i--` and corrects the unwind logic to properly release all allocated WQ objects on any failure path.

Defensive priority

medium

Recommended defensive actions

• Review kernel version and apply stable kernel updates containing the fix commits
• Monitor Linux distribution security advisories for backported patches
• Assess systems using Microsoft Azure Network Adapter (MANA) RDMA functionality for exposure
• Validate error handling paths in custom kernel modules utilizing similar WQ table patterns

Evidence notes

Vulnerability description sourced from official CVE record and NVD entry. Technical details derived from kernel commit messages referenced in NVD. Vendor identification marked as low confidence requiring review; 'Kernel' domain candidate noted.

Official resources