HIGH
rdma SRQ Leak
CVE-2026-46178
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
KernelScan AI 3.3 LOW
01 Description
In the Linux kernel, the following vulnerability has been resolved:

RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq()

Sashiko points out that mlx4_srq_alloc() was not undone during error unwind, add the missing call to mlx4_srq_free().
02 KernelScan AI Analysis
Risk summary
Systems with Mellanox ConnectX InfiniBand adapters running RDMA applications are at risk of resource exhaustion. Repeated SRQ creation failures can leak kernel resources, potentially degrading system performance over time.
Vulnerability analysis
The mlx4_ib_create_srq() function fails to call mlx4_srq_free() when ib_copy_to_udata() fails, causing a resource leak. The SRQ (Shared Receive Queue) allocated by mlx4_srq_alloc() is not cleaned up on this error path. The fix adds proper cleanup by introducing a new error label that calls mlx4_srq_free() before proceeding to existing cleanup code. This requires local access and RDMA permissions to trigger through userspace RDMA applications.
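The unwind-ordering defect described above, as an added userspace model rather than the kernel's own code: the `model_*` helpers, `create_srq_before`/`create_srq_after`, `leaked_srqs`, the label names and the counters are all hypothetical stand-ins, and the copy step is forced to fail to show what each error path leaves behind.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
static int srqs_live, bufs_live; /* userspace model; every name is hypothetical */
static int  model_buf_alloc(void) { bufs_live++; return 0; }   /* earlier allocation */
static void model_buf_free(void)  { bufs_live--; }
static int  model_srq_alloc(void) { srqs_live++; return 0; }   /* stands in for mlx4_srq_alloc() */
static void model_srq_free(void)  { srqs_live--; }             /* stands in for mlx4_srq_free() */
static int  model_copy_to_udata(bool fail) { return fail ? -EFAULT : 0; }

/* Before the fix: a failed copy unwinds only the earlier allocation. */
static int create_srq_before(bool copy_fails)
{
    if (model_buf_alloc()) return -ENOMEM;
    int err = model_srq_alloc();
    if (err) goto err_buf;
    err = model_copy_to_udata(copy_fails);
    if (err) goto err_buf;          /* skips the SRQ release: one SRQ leaked */
    return 0;
err_buf:
    model_buf_free();
    return err;
}

/* After the fix: a new label releases the SRQ, then falls into the old cleanup. */
static int create_srq_after(bool copy_fails)
{
    if (model_buf_alloc()) return -ENOMEM;
    int err = model_srq_alloc();
    if (err) goto err_buf;
    err = model_copy_to_udata(copy_fails);
    if (err) goto err_srq;
    return 0;
err_srq:
    model_srq_free();
err_buf:
    model_buf_free();
    return err;
}
static int leaked_srqs(int (*create)(bool), int attempts) /* SRQs left after failures */
{
    for (srqs_live = bufs_live = 0; attempts-- > 0; ) create(true);
    return srqs_live;
}
int main(void)
{
    printf("leaked SRQs: before=%d after=%d\n",
           leaked_srqs(create_srq_before, 100), leaked_srqs(create_srq_after, 100));
}
```

In the model, each failed attempt on the unfixed path leaves one SRQ allocated while the earlier allocation is released correctly, which is why the leak only becomes visible as gradual exhaustion.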
03 Fix Versions
| Branch | Fixed in | Patch commit |
|---|---|---|
| 5.10 | 5.10.258 | 53fd4c035586 |
| 5.15 | 5.15.209 | 0be6ae614ca7 |
| 6.1 | 6.1.175 | 5b3b220d54e6 |
| 6.12 | 6.12.88 | 0dbd619716fb |
| 6.18 | 6.18.30 | e01b8c9286c4 |
| 6.6 | 6.6.140 | c5dc30da9900 |
| 7.0 | 7.0.7 | 388617f44d81 |
| mainline | 7.1-rc3 | c54c7e4cb679 |