CVE-2026-43120
Published: May 6, 2026
Modified: May 23, 2026
CVSS v3.1
7.8
Description
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix double free related to rereg_user_mr If IB_MR_REREG_TRANS is set during rereg_user_mr, the umem will be released and a new one will be allocated in irdma_rereg_mr_trans. If any step of irdma_rereg_mr_trans fails after the new umem is allocated, it releases the umem, but does not set iwmr->region to NULL. The problem is that this failure is propagated to the user, who will then call ibv_dereg_mr (as they should). Then, the dereg_mr path will see a non-NULL umem and attempt to call ib_umem_release again. Fix this by setting iwmr->region to NULL after ib_umem_release. Fixed: 5ac388db27c4 ("RDMA/irdma: Add support to re-register a memory region")
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 715fdb3b30541cc8180b7cdc6aa9f8c307afdf25 - < 62298a48f8b8788ad8b8464e6ffdf1ddebd2217eaffected 5ac388db27c443dadfbb0b8b23fa7ccf429d901a - < 66964118f1f50ed85001c8fc9f7ab5bbdd021ee0affected 5ac388db27c443dadfbb0b8b23fa7ccf429d901a - < 0f22c32141acdcda266b26cab2b830baf870f3e0affected 5ac388db27c443dadfbb0b8b23fa7ccf429d901a - < 0c5d70bcb9d2275a1c8515a924016fcfeb4ab441affected 5ac388db27c443dadfbb0b8b23fa7ccf429d901a - < 29a3edd7004bb635d299fb9bc6f0ea4ef13ed5a2+1 more versions |
Linux | Linux | affected 6.7unaffected 0 - < 6.7unaffected 6.6.136 - <= 6.6.*unaffected 6.12.83 - <= 6.12.*unaffected 6.18.24 - <= 6.18.*+2 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now