Fedora Account System
Red Hat Associate
Red Hat Customer
In the Linux kernel, the following vulnerability has been resolved: RDMA/umem: Fix double dma_buf_unpin in failure path In ib_umem_dmabuf_get_pinned_with_dma_device(), the call to ib_umem_dmabuf_map_pages() can fail. If this occurs, the dmabuf is immediately unpinned but the umem_dmabuf->pinned flag is still set. Then, when ib_umem_release() is called, it calls ib_umem_dmabuf_revoke() which will call dma_buf_unpin() again. Fix this by removing the immediate unpin upon failure and just let the ib_umem_release/revoke path handle it. This also ensures the proper unmap-unpin unwind ordering if the dmabuf_map_pages call happened to fail due to dma_resv_wait_timeout (and therefore has a non-NULL umem_dmabuf->sgt).
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2026050620-CVE-2026-43128-5ff4@gregkh/T
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:19569 https://access.redhat.com/errata/RHSA-2026:19569
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:19568 https://access.redhat.com/errata/RHSA-2026:19568
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions Via RHSA-2026:27713 https://access.redhat.com/errata/RHSA-2026:27713
This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:33215 https://access.redhat.com/errata/RHSA-2026:33215
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:33900 https://access.redhat.com/errata/RHSA-2026:33900
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:34095 https://access.redhat.com/errata/RHSA-2026:34095
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:34094 https://access.redhat.com/errata/RHSA-2026:34094