CVE-2026-46144 Linux CVE debrief

Who should care

Organizations running Linux workloads on Microsoft Azure using MANA RDMA networking, particularly those creating and destroying RDMA queue pairs frequently. Cloud administrators and kernel maintainers responsible for Azure VM fleet security should prioritize this patch to prevent resource exhaustion in long-running RDMA applications.

Technical summary

The RDMA/mana driver in the Linux kernel contains a resource leak in the error unwind path of `mana_ib_create_qp_rss()`. When queue pair creation with RSS (Receive Side Scaling) fails, the `mana_ib_cfg_vport_steering()` configuration allocated during setup is not released. The normal destroy path handles cleanup, but the error path omits this step. This affects Azure virtual machines using Microsoft's MANA RDMA hardware. The fix ensures proper resource cleanup in both success and failure paths. Multiple stable kernel branches have received backports of this fix.

Defensive priority

medium

Recommended defensive actions

• Apply kernel updates containing the fix for CVE-2026-46144 to systems using the MANA RDMA driver
• Monitor for kernel updates from your Linux distribution that include the RDMA/mana fix
• For Azure VMs using MANA RDMA, ensure kernel version includes commit ab64c63b460bbd0521480bf90d5695783f5e66bc or equivalent backport
• Review system logs for RDMA QP creation failures that may indicate resource exhaustion from this leak
• Consider restarting RDMA workloads periodically if immediate patching is not possible to mitigate resource accumulation

Evidence notes

The CVE description and kernel commit references confirm this is a resource leak in error handling within the RDMA/mana driver. The fix ensures `mana_ib_cfg_vport_steering()` is properly cleaned up when `mana_ib_create_qp_rss()` fails. Multiple stable kernel branches received backports of this fix.

Official resources