PatchSiren

CVE-2026-46145 Linux CVE debrief

A missing bounds check in the Linux kernel's RDMA/mana driver allows userspace to specify an arbitrary rx_hash_key_len value, which is then passed directly to memcpy without validation. This can result in kernel memory corruption. The vulnerability has been resolved by adding proper validation of rx_hash_key_len before the memcpy operation.

Vendor: Linux
Product: Unknown
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-28
Original CVE updated: 2026-05-30
Advisory published: 2026-05-28
Advisory updated: 2026-05-30

Who should care

System administrators running Linux kernels with MANA (Microsoft Azure Network Adapter) RDMA support enabled; cloud infrastructure operators using Azure VMs with RDMA capabilities; and security teams monitoring kernel-level vulnerabilities affecting network drivers.

Technical summary

The RDMA/mana driver in the Linux kernel failed to validate the rx_hash_key_len field from userspace uAPI structures before using it in a memcpy operation. This allowed malicious or malformed userspace input to trigger out-of-bounds memory writes in kernel space, potentially leading to memory corruption, crashes, or privilege escalation. The vulnerability was discovered by Sashiko and fixed by adding proper bounds validation before the memcpy call. The fix has been backported to multiple stable kernel branches as evidenced by five separate kernel.org stable commits.
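
The validate-before-copy pattern described above, as an added userspace model that is not the kernel's own code or the actual patch. The struct names, the function cfg_set_hash_key, the 40-byte key size and the choice to reject with -EINVAL are assumptions made for illustration; only the field name rx_hash_key_len comes from the advisory.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HASH_KEY_SIZE 40 /* assumed key size for this model, not taken from the driver */

/* Hypothetical stand-in for a uAPI request; every field is written by userspace. */
struct user_rss_req {
    uint32_t rx_hash_key_len;             /* untrusted length */
    uint8_t  rx_hash_key[HASH_KEY_SIZE];  /* untrusted key bytes */
};

/* Hypothetical driver-side object; guard[] stands in for adjacent kernel memory. */
struct steering_cfg {
    uint8_t hashkey[HASH_KEY_SIZE];
    uint8_t guard[8];
};

/*
 * Unchecked pattern described in the summary (shown only as a comment):
 *     memcpy(cfg->hashkey, req->rx_hash_key, req->rx_hash_key_len);
 * A length above HASH_KEY_SIZE writes past hashkey[] into whatever follows.
 */

/* Hardened form: validate the untrusted length against the destination first. */
int cfg_set_hash_key(struct steering_cfg *cfg, const struct user_rss_req *req)
{
    if (req->rx_hash_key_len > sizeof(cfg->hashkey))
        return -EINVAL; /* reject rather than truncate (assumed policy) */
    memcpy(cfg->hashkey, req->rx_hash_key, req->rx_hash_key_len);
    return 0;
}

int main(void)
{
    struct steering_cfg cfg;
    struct user_rss_req req;

    memset(&cfg, 0xAA, sizeof(cfg));
    memset(&req, 0x11, sizeof(req));      /* constructed sample input */
    req.rx_hash_key_len = 4096;           /* oversized length from "userspace" */
    printf("oversized: %d, guard intact: %d\n",
           cfg_set_hash_key(&cfg, &req), cfg.guard[0] == 0xAA);
    req.rx_hash_key_len = HASH_KEY_SIZE;  /* valid length */
    printf("valid: %d\n", cfg_set_hash_key(&cfg, &req));
    return 0;
}
```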

Defensive priority

high

Recommended defensive actions

  • Apply the relevant stable kernel patch for your kernel version
  • Review systems using Microsoft Azure Network Adapter (MANA) RDMA functionality
  • Monitor for kernel updates from your Linux distribution
  • Verify kernel version includes the fix commit or its backport

Evidence notes

The CVE description and kernel commit references confirm this is a resolved vulnerability in the RDMA/mana driver. The fix adds bounds checking on rx_hash_key_len, which originates from a uAPI structure and was previously passed unchecked to memcpy. Multiple stable kernel commits are referenced, indicating backports to various kernel versions.
