SB20260529174 - Out-of-bounds read in Linux kernel sw rxe driver



Published: May 29, 2026

Security Bulletin ID: SB20260529174
CSH Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Out-of-bounds read (CVE-ID: CVE-2026-46133)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to an out-of-bounds read in rxe_icrc_hdr() and in opcode handling in the Soft RoCE receive path when processing a UDP packet with an unknown RDMA opcode. A remote attacker can send a specially crafted UDP packet to trigger the out-of-bounds read and cause a denial of service.

The issue can be triggered without authentication after the RDMA RXE interface is enabled, and no queue pair or connection setup is required.


Remediation

Install the update from the vendor's website.