CVE-2026-46053 - Vulnerability Details

- net: rds: fix MR cleanup on copy error

Description

In the Linux kernel, the following vulnerability has been resolved:

net: rds: fix MR cleanup on copy error

__rds_rdma_map() hands sg/pages ownership to the transport after
get_mr() succeeds. If copying the generated cookie back to user space
fails after that point, the error path must not free those resources
again before dropping the MR reference.

Remove the duplicate unpin/free from the put_user() failure branch so
that MR teardown is handled only through the existing final cleanup
path.

Published: 2026-05-27

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`0d4597c8c5abdeeaf50774066c16683f30184dc8`	affected	< 91a44b406bc1f9e1c5da0cb7d0d5991b43b79147
`0d4597c8c5abdeeaf50774066c16683f30184dc8`	affected	< 106dc689206610cfa2098f593fdd1e020c997835
`0d4597c8c5abdeeaf50774066c16683f30184dc8`	affected	< ec55a86f7fba7d9111df94b9c11a4755ed492995
`0d4597c8c5abdeeaf50774066c16683f30184dc8`	affected	< 8fdbb6262a4a3ed44a0830a7793903b54bb27bdc
`0d4597c8c5abdeeaf50774066c16683f30184dc8`	affected	< d95cea9298be1ba8876e3f156be96d3a492085ca
`0d4597c8c5abdeeaf50774066c16683f30184dc8`	affected	< 033370ffb3c9c0264d19f8ba9ef769523266589a
`0d4597c8c5abdeeaf50774066c16683f30184dc8`	affected	< b3cb8cae530b2727d8245684148bb49425f6765c
`0d4597c8c5abdeeaf50774066c16683f30184dc8`	affected	< 8141a2dc70080eda1aedc0389ed2db2b292af5bd

Linux

affected

Version	Status	Constraints
`5.6`	affected	—
`0`	unaffected	< 5.6
`5.10.258`	unaffected	≤ 5.10.*
`5.15.209`	unaffected	≤ 5.15.*
`6.1.175`	unaffected	≤ 6.1.*
`6.6.140`	unaffected	≤ 6.6.*
`6.12.86`	unaffected	≤ 6.12.*
`6.18.27`	unaffected	≤ 6.18.*
`7.0.4`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.6:-::::::
	cpe:2.3:o:linux:linux_kernel:5.6:rc3::::::
	cpe:2.3:o:linux:linux_kernel:5.6:rc4::::::
	cpe:2.3:o:linux:linux_kernel:5.6:rc5::::::
	cpe:2.3:o:linux:linux_kernel:5.6:rc6::::::
	cpe:2.3:o:linux:linux_kernel:5.6:rc7::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[0d4597c8c5abdeeaf50774066c16683f30184dc8,8fdbb6262a4a3ed44a0830a7793903b54bb27bdc)`	affected	code_commit	—
`[0d4597c8c5abdeeaf50774066c16683f30184dc8,d95cea9298be1ba8876e3f156be96d3a492085ca)`	affected	code_commit	—
`[0d4597c8c5abdeeaf50774066c16683f30184dc8,033370ffb3c9c0264d19f8ba9ef769523266589a)`	affected	code_commit	—
`[0d4597c8c5abdeeaf50774066c16683f30184dc8,b3cb8cae530b2727d8245684148bb49425f6765c)`	affected	code_commit	—
`[0d4597c8c5abdeeaf50774066c16683f30184dc8,8141a2dc70080eda1aedc0389ed2db2b292af5bd)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`5.6`	affected	generic	—
`[0,5.6)`	unaffected	semver	—
`[6.6.140,6.7.0)`	unaffected	semver	—
`[6.12.86,6.13.0)`	unaffected	semver	—
`[6.18.27,6.19.0)`	unaffected	semver	—
`[7.0.4,7.1.0)`	unaffected	semver	—
`[7.1-rc1,*]`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00129.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/033370ffb3c9c0264d19f8ba9ef769523266589a
https://git.kernel.org/stable/c/106dc689206610cfa2098f593fdd1e020c997835
https://git.kernel.org/stable/c/8141a2dc70080eda1aedc0389ed2db2b292af5bd
https://git.kernel.org/stable/c/8fdbb6262a4a3ed44a0830a7793903b54bb27bdc
https://git.kernel.org/stable/c/91a44b406bc1f9e1c5da0cb7d0d5991b43b79147
https://git.kernel.org/stable/c/b3cb8cae530b2727d8245684148bb49425f6765c
https://git.kernel.org/stable/c/d95cea9298be1ba8876e3f156be96d3a492085ca
https://git.kernel.org/stable/c/ec55a86f7fba7d9111df94b9c11a4755ed492995
https://lore.kernel.org/linux-cve-announce/2026052754-CVE-2026-46053-a24e@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-46053
https://www.cve.org/CVERecord?id=CVE-2026-46053

History

Tue, 16 Jun 2026 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:linux:linux_kernel:5.6:-:::::: cpe:2.3:o:linux:linux_kernel:5.6:rc3:::::: cpe:2.3:o:linux:linux_kernel:5.6:rc4:::::: cpe:2.3:o:linux:linux_kernel:5.6:rc5:::::: cpe:2.3:o:linux:linux_kernel:5.6:rc6:::::: cpe:2.3:o:linux:linux_kernel:5.6:rc7::::::

Mon, 01 Jun 2026 17:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/106dc689206610cfa2098f593fdd1e020c997835 https://git.kernel.org/stable/c/91a44b406bc1f9e1c5da0cb7d0d5991b43b79147 https://git.kernel.org/stable/c/ec55a86f7fba7d9111df94b9c11a4755ed492995

Sat, 30 May 2026 11:00:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Thu, 28 May 2026 03:15:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-415

Thu, 28 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-763
References		https://lore.kernel.org/linux-cve-announce/2026052754-CVE-2026-46053-a24e@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-46053 https://www.cve.org/CVERecord?id=CVE-2026-46053
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Important`

Wed, 27 May 2026 20:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-415

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: rds: fix MR cleanup on copy error __rds_rdma_map() hands sg/pages ownership to the transport after get_mr() succeeds. If copying the generated cookie back to user space fails after that point, the error path must not free those resources again before dropping the MR reference. Remove the duplicate unpin/free from the put_user() failure branch so that MR teardown is handled only through the existing final cleanup path.
Title		net: rds: fix MR cleanup on copy error
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/033370ffb3c9c0264d19f8ba9ef769523266589a https://git.kernel.org/stable/c/8141a2dc70080eda1aedc0389ed2db2b292af5bd https://git.kernel.org/stable/c/8fdbb6262a4a3ed44a0830a7793903b54bb27bdc https://git.kernel.org/stable/c/b3cb8cae530b2727d8245684148bb49425f6765c https://git.kernel.org/stable/c/d95cea9298be1ba8876e3f156be96d3a492085ca

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:57:11.870Z

Updated: 2026-06-14T17:50:56.216Z

Reserved: 2026-05-13T15:03:33.094Z

Link: CVE-2026-46053

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-27T14:17:24.937

Modified: 2026-06-17T10:52:59.187

Link: CVE-2026-46053

Redhat

Severity : Important

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-46053 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-18T07:45:03Z

Weaknesses

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object