Bug 2482532 (CVE-2026-46181) - CVE-2026-46181 kernel: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()
Summary: CVE-2026-46181 kernel: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()
Keywords:
Status: NEW
Alias: CVE-2026-46181
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-05-28 11:01 UTC by OSIDB Bzimport
Modified: 2026-07-17 12:52 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:25120 0 None None None 2026-06-10 20:00:25 UTC
Red Hat Product Errata RHSA-2026:25121 0 None None None 2026-06-10 21:39:08 UTC
Red Hat Product Errata RHSA-2026:25217 0 None None None 2026-06-11 10:13:36 UTC
Red Hat Product Errata RHSA-2026:33900 0 None None None 2026-07-01 00:13:42 UTC
Red Hat Product Errata RHSA-2026:34094 0 None None None 2026-07-01 08:59:12 UTC
Red Hat Product Errata RHSA-2026:34095 0 None None None 2026-07-01 08:41:01 UTC
Red Hat Product Errata RHSA-2026:34443 0 None None None 2026-07-01 19:15:17 UTC
Red Hat Product Errata RHSA-2026:35863 0 None None None 2026-07-06 04:51:35 UTC
Red Hat Product Errata RHSA-2026:35894 0 None None None 2026-07-06 13:42:10 UTC
Red Hat Product Errata RHSA-2026:35896 0 None None None 2026-07-06 14:26:49 UTC
Red Hat Product Errata RHSA-2026:36216 0 None None None 2026-07-07 14:06:01 UTC
Red Hat Product Errata RHSA-2026:41236 0 None None None 2026-07-17 12:52:39 UTC

Description OSIDB Bzimport 2026-05-28 11:01:57 UTC
In the Linux kernel, the following vulnerability has been resolved:

RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()

Sashiko points out the radix_tree itself is RCU safe, but nothing ever
frees the mlx4_srq struct with RCU, and it isn't even accessed within the
RCU critical section. It also will crash if an event is delivered before
the srq object is finished initializing.

Use the spinlock since it isn't easy to make RCU work, use
refcount_inc_not_zero() to protect against partially initialized objects,
and order the refcount_set() to be after the srq is fully initialized.

Comment 4 errata-xmlrpc 2026-06-10 20:00:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:25120 https://access.redhat.com/errata/RHSA-2026:25120

Comment 5 errata-xmlrpc 2026-06-10 21:39:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:25121 https://access.redhat.com/errata/RHSA-2026:25121

Comment 6 errata-xmlrpc 2026-06-11 10:13:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:25217 https://access.redhat.com/errata/RHSA-2026:25217

Comment 7 Akemi Yagi 2026-06-17 16:50:02 UTC
According to:

https://access.redhat.com/security/cve/cve-2026-46181

"Vulnerable Code not Present" in RHEL10.

Are you sure about this?

Comment 8 errata-xmlrpc 2026-07-01 00:13:41 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:33900 https://access.redhat.com/errata/RHSA-2026:33900

Comment 9 errata-xmlrpc 2026-07-01 08:41:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:34095 https://access.redhat.com/errata/RHSA-2026:34095

Comment 10 errata-xmlrpc 2026-07-01 08:59:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:34094 https://access.redhat.com/errata/RHSA-2026:34094

Comment 11 errata-xmlrpc 2026-07-01 19:15:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions

Via RHSA-2026:34443 https://access.redhat.com/errata/RHSA-2026:34443

Comment 12 errata-xmlrpc 2026-07-06 04:51:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:35863 https://access.redhat.com/errata/RHSA-2026:35863

Comment 13 errata-xmlrpc 2026-07-06 13:42:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On

Via RHSA-2026:35894 https://access.redhat.com/errata/RHSA-2026:35894

Comment 14 errata-xmlrpc 2026-07-06 14:26:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:35896 https://access.redhat.com/errata/RHSA-2026:35896

Comment 15 errata-xmlrpc 2026-07-07 14:05:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2026:36216 https://access.redhat.com/errata/RHSA-2026:36216

Comment 16 errata-xmlrpc 2026-07-17 12:52:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2026:41236 https://access.redhat.com/errata/RHSA-2026:41236


Note You need to log in before you can comment on or make changes to this bug.