Double free in Linux kernel - CVE-2026-45852
Published: May 28, 2026
Vulnerability identifier: #VU132632
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-45852
CWE-ID: CWE-415
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a double free in rxe_srq_from_init in the RDMA rxe subsystem when handling a failed copy_to_user operation during SRQ creation. A local user can trigger this error path to cause a denial of service.
How to mitigate CVE-2026-45852
Install the security update from the vendor's repository.
Sources
- https://git.kernel.org/stable/c/0beefd0e15d962f497aad750b2d5e9c3570b66d1
- https://git.kernel.org/stable/c/22b8c23a3b92d023614bb00896fe364b2c1a31d3
- https://git.kernel.org/stable/c/26793db60925df1e88a29466813d586cbc190b8c
- https://git.kernel.org/stable/c/26a9cfe12f4ffdeaa136f252478986fa5f397ddc
- https://git.kernel.org/stable/c/5c07aef09a121a4cd622a71eb0753a9e135c84a8
- https://git.kernel.org/stable/c/af5956243018918130d52c9f671efdb40bab3366
- https://git.kernel.org/stable/c/ce6f8e007682f378279d4cf83b240f12d52c723b
- https://git.kernel.org/stable/c/d286f0d4e3ad3caf5f0e673cdad7bf89bf37d947