Use-after-free in Linux kernel - CVE-2026-46176
Published: May 29, 2026
Vulnerability identifier: #VU133012
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-46176
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a use-after-free and double free in mlx5_ib_dev_res_srq_init() when handling an error during SRQ initialization after ib_create_srq() fails for the second SRQ. A local user can trigger the faulty initialization path to cause a denial of service.
The issue occurs because freed and error-pointer SRQ values are stored and later dereferenced during queue pair creation and cleanup.
How to mitigate CVE-2026-46176
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/6fd93142dd1d09000c3750af08270f5792523fe9
- https://git.kernel.org/stable/c/a13c2ac4d480b734342c6fbf8249fc48afd675f3
- https://git.kernel.org/stable/c/b087913ae88256df66620f7ba0a9776716aeef7e
- https://git.kernel.org/stable/c/bc2cf5935b4665172235341163315905197ae91d
- https://git.kernel.org/stable/c/c488df06bd552bb8b6e14fa0cfd5ad986c6e9525