Incorrect calculation in Linux kernel - CVE-2026-46325
Published: June 10, 2026
Vulnerability identifier: #VU134175
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-46325
CWE-ID: CWE-682
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper memory address conversion in the RDMA RXE memory region handling code when processing memory regions with page sizes different from the system PAGE_SIZE. A local user can register or access a crafted memory region layout to cause a denial of service.
The issue can lead to incorrect iova-to-va translation and a kernel panic.
How to mitigate CVE-2026-46325
Install security update from vendor's repository.