CVE-2026-46145

HIGH

RDMA/mana: Validate rx_hash_key_len

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rx_hash_key_len Sashiko points out that rx_hash_key_len comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to trash kernel memory. Bounds check it so the memcpy cannot overflow.

Scores

CVSS v3 7.8
EPSS 0.0014
EPSS Percentile 3.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (19)
linux/Kernel 6.13.0 - 6.18.30linux
linux/Kernel 6.19.0 - 7.0.7linux
linux/Kernel 6.2.0 - 6.6.141linux
linux/Kernel 6.7.0 - 6.12.88linux
Linux/Linux < 6.2
Linux/Linux 0266a177631d4c6b963b5b12dd986a8c5abdbf06 - 012796f9541fcd0c1fa8ae4da7eb4d83931ef838
Linux/Linux 0266a177631d4c6b963b5b12dd986a8c5abdbf06 - 11c1431d641e0e4e0529e96957995820600c7287
Linux/Linux 0266a177631d4c6b963b5b12dd986a8c5abdbf06 - 6dd2d4ad9c8429523b1c220c5132bd551c006425
Linux/Linux 0266a177631d4c6b963b5b12dd986a8c5abdbf06 - 7d7c9f0fcd19c4d2f0164347c58d49cafa961b72
Linux/Linux 0266a177631d4c6b963b5b12dd986a8c5abdbf06 - 7d94f155f354b961c598f71bafa804dceded513f
... and 9 more
Published May 28, 2026
Tracked Since May 28, 2026