PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46189 Linux CVE debrief

A double-free vulnerability exists in the VMware paravirtual RDMA (vmw_pvrdma) driver within the Linux kernel. The flaw occurs in the error handling path of pvrdma_alloc_ucontext(), where pvrdma_uar_free() is called before pvrdma_dealloc_ucontext(). Since pvrdma_dealloc_ucontext() internally invokes pvrdma_uar_free(), this sequence results in the same memory being freed twice. Double-free conditions can lead to memory corruption, use-after-free scenarios, or kernel crashes. The vulnerability affects systems utilizing the vmw_pvrdma driver for RDMA functionality in VMware virtualized environments. The issue was resolved by removing the redundant pvrdma_uar_free() call in the error path.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-28
Original CVE updated: 2026-05-28
Advisory published: 2026-05-28
Advisory updated: 2026-05-28

Who should care

Organizations running Linux workloads on VMware infrastructure with RDMA-enabled virtual machines, particularly those using paravirtual RDMA devices. System administrators managing kernel security updates and virtualization platforms should prioritize this fix.

Technical summary

The vmw_pvrdma driver in the Linux kernel contains a double-free vulnerability in its user context allocation error handling. When pvrdma_alloc_ucontext() fails, it calls pvrdma_uar_free() before calling pvrdma_dealloc_ucontext(). However, pvrdma_dealloc_ucontext() also calls pvrdma_uar_free(), resulting in the same User Access Region (UAR) being freed twice. This memory management error can corrupt kernel heap metadata and potentially lead to privilege escalation or denial of service. The fix removes the extraneous pvrdma_uar_free() call from the error path in pvrdma_alloc_ucontext().
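
The error-path ordering described above, as an added user-space model in C (not the kernel driver's code and not taken from the advisory). The model_* names, the slot table and the fail_late switch are assumptions for illustration; only the call order mirrors the description.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model: a UAR is one slot in a small table. */
#define MODEL_UAR_SLOTS 4
struct model_uar_table { bool used[MODEL_UAR_SLOTS]; int double_frees; };
struct model_ucontext { struct model_uar_table *tbl; int uar; };

static int model_uar_alloc(struct model_uar_table *t)
{
    for (int i = 0; i < MODEL_UAR_SLOTS; i++)
        if (!t->used[i]) { t->used[i] = true; return i; }
    return -1;
}

/* Releasing a slot that is already free is the double free; count it. */
static void model_uar_free(struct model_uar_table *t, int idx)
{
    if (!t->used[idx]) { t->double_frees++; return; }
    t->used[idx] = false;
}

/* Teardown owns the UAR release, as the advisory says of
 * pvrdma_dealloc_ucontext(). */
static void model_dealloc_ucontext(struct model_ucontext *c)
{
    model_uar_free(c->tbl, c->uar);
}

/* fail_late simulates a failure after the UAR was obtained.
 * fixed == false keeps the redundant free; fixed == true drops it. */
static int model_alloc_ucontext(struct model_uar_table *t,
                                struct model_ucontext *c,
                                bool fail_late, bool fixed)
{
    c->tbl = t;
    c->uar = model_uar_alloc(t);
    if (c->uar < 0)
        return -1;
    if (fail_late) {
        if (!fixed)
            model_uar_free(t, c->uar);   /* redundant: first free */
        model_dealloc_ucontext(c);       /* frees the UAR (again, if unfixed) */
        return -1;
    }
    return 0;
}

/* Drive one failing allocation and report how many double frees occurred. */
int run_model(bool fixed)
{
    struct model_uar_table t = {0};
    struct model_ucontext c;
    model_alloc_ucontext(&t, &c, true, fixed);
    return t.double_frees;
}

int main(void)
{
    printf("unfixed error path: %d double free(s)\n", run_model(false));
    printf("fixed error path:   %d double free(s)\n", run_model(true));
    return 0;
}
```

The general rule the model illustrates: when a teardown routine already releases a resource, the error path must call either the teardown or the individual release, never both.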

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates containing the fix for CVE-2026-46189 when available from your Linux distribution
  • Verify that systems running VMware virtual machines with RDMA passthrough are using patched kernel versions
  • Monitor kernel logs for vmw_pvrdma-related errors or crashes that may indicate exploitation attempts
  • Review and update vulnerability management processes to track kernel-level RDMA driver security updates

Evidence notes

The CVE description explicitly identifies the double-free condition in pvrdma_alloc_ucontext() where pvrdma_uar_free() is called before pvrdma_dealloc_ucontext(), which itself calls pvrdma_uar_free(). Multiple kernel.org stable tree commits are referenced, indicating backports to affected kernel versions.

Official resources

2026-05-28