SB20260529174 - Out-of-bounds read in Linux kernel sw rxe driver
Published: May 29, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2026-46133)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to an out-of-bounds read in rxe_icrc_hdr() and in opcode handling in the Soft RoCE receive path when it processes a UDP packet carrying an unknown RDMA opcode. A remote attacker can send a specially crafted UDP packet to trigger the out-of-bounds read and cause a denial of service.
The issue can be triggered without authentication after the RDMA RXE interface is enabled, and no queue pair or connection setup is required.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/006a3a5f75345c6a0dbf13fd3ee01406e93b6733
- https://git.kernel.org/stable/c/4c6f86d85d03cdb33addce86aa69aa795ca6c47a
- https://git.kernel.org/stable/c/6fa18025e5782afff91415fd5217b39c1e4837d7
- https://git.kernel.org/stable/c/e3dc3a2fb05f4ed49c7f20594c4c52350d032189
- https://git.kernel.org/stable/c/f8ee926431a7bbec2b10c1290664af2cb290b983