CVE-2026-46178: RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq()
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq()
Sashiko points out that mlx4_srq_alloc() was not undone during error unwind, add the missing call to mlx4_srq_free().
HarborGuard Analysis
Synopsis
A resource leak vulnerability exists in the Linux kernel's RDMA/mlx4 driver, specifically in the mlx4_ib_create_srq() function. The flaw is reachable locally by a low-privileged user and requires no interaction from any other user; successful exploitation gives an attacker full read, write, and crash capability over the affected component. Patched-image rebuilds at versions 6.6.140 and 6.12.88 are available on HarborGuard for environments running an affected kernel version.
HarborGuard Coverage
Detection is available across every HarborGuard environment: CVE-2026-46178 is ingested from upstream Linux kernel advisory feeds within minutes of publication and matched against all customer images, including custom-built images that carry an affected kernel version. Coverage applies to both registry-stored images and images evaluated inline during CI/CD pipeline runs.
Status: Available
HarborGuard scores this CVE at 7.8 HIGH using the CVSS v3.1 vector and weights it against each environment's compliance policy to determine urgency and routing. Triage tickets are directed to the appropriate team inbox within each customer organization based on workload ownership and policy configuration.
Status: Available
A patched-image rebuild at Linux kernel versions 6.6.140 and 6.12.88 becomes available on HarborGuard once an image containing an affected kernel version is detected. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled.
Status: Available
Exploit Conditions
- Network reachability: Not required
  The attacker needs an existing shell or process on the host; no network access to the target is required.
- Authentication: Required
  Any low-privilege local account is sufficient to trigger the vulnerable code path.
- Victim interaction: Not required
  No other user needs to take any action; the attacker can trigger the flaw entirely on their own.
- Attack complexity: Detail
  The exploit is reliable and condition-free; no race condition, memory-layout dependency, or special environmental state is required.
Blast Radius
- Reads kernel memory contents, including data belonging to other processes or security-sensitive structures.
- Writes to or corrupts kernel data structures, enabling privilege escalation or manipulation of system state.
- Crashes the host kernel by exhausting or corrupting RDMA/mlx4 driver resources through the unfreed SRQ allocation.
- Persistent access to RDMA subsystem internals may allow an attacker to affect other workloads sharing the same physical or virtual host.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-46178 activates the moment the advisory is ingested, flagging any image that carries a Linux kernel version prior to 6.6.140 or 6.12.88 in the affected commit range. Where compliance policy permits, a rebuilt image at the patched kernel version is prepared automatically; customers with auto-remediation enabled receive the rebuilt image, a regression-test run, and a PR opened against affected workloads, with a median time to merged patch PR of around 90 minutes for high-severity issues. For environments where an immediate kernel upgrade is not feasible, compensating controls include restricting access to RDMA device nodes via Linux capability controls (CAP_NET_ADMIN or device-level permissions), applying network-policy isolation to workloads that use mlx4 hardware, and pinning affected pods to nodes pending a scheduled maintenance window for the kernel update.
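A host-side version of the version match described above, as an added example that is not HarborGuard's or the kernel project's code: it classifies a kernel release string against the upstream releases in this page's "Fixed in" list and checks whether the mlx4_ib module is loaded. The function names are hypothetical, and the result is a heuristic because distribution kernels backport fixes without changing the upstream version number.

```sh
#!/bin/sh
# Added example, not HarborGuard or kernel code. Compares upstream version
# numbers only; a distro kernel with a backported fix needs a vendor check.

# Patch level carrying the fix in each stable series in the page's "Fixed in" list.
fixed_patch_for_series() {
  case "$1" in
    6.6) echo 140 ;; 6.12) echo 88 ;; 6.18) echo 30 ;; 7.0) echo 7 ;;
    *) return 1 ;;
  esac
}

# classify_kernel RELEASE -> prints "fixed", "affected" or "unknown"
classify_kernel() {
  rel="$1"; base="${rel%%-*}"               # "6.6.139-generic" -> "6.6.139"
  case "$base" in *.*) ;; *) echo unknown; return ;; esac
  major="${base%%.*}"; rest="${base#*.}"; minor="${rest%%.*}"
  case "$rest" in *.*) patch="${rest#*.}" ;; *) patch="" ;; esac
  patch="${patch%%[!0-9]*}"; patch="${patch:-0}"
  case "$major$minor" in ''|*[!0-9]*) echo unknown; return ;; esac
  if [ "$major.$minor" = "7.1" ]; then      # page lists 7.1-rc3 as fixed
    case "$rel" in
      *-rc[0-9]*) rc="${rel##*-rc}"; rc="${rc%%[!0-9]*}"
                  if [ "$rc" -ge 3 ]; then echo fixed; else echo affected; fi ;;
      *) echo fixed ;;
    esac
    return
  fi
  if need="$(fixed_patch_for_series "$major.$minor")"; then
    if [ "$patch" -ge "$need" ]; then echo fixed; else echo affected; fi
  else
    echo unknown                            # series not in the page's list
  fi
}

# mlx4_ib_loaded [FILE] -> status 0 if mlx4_ib is listed (default /proc/modules).
# A driver built into the kernel image does not appear there.
mlx4_ib_loaded() {
  grep -q '^mlx4_ib ' "${1:-/proc/modules}" 2>/dev/null
}

# assess_host RELEASE [FILE] -> "driver-not-loaded" or the kernel classification
assess_host() {
  if mlx4_ib_loaded "$2"; then classify_kernel "$1"; else echo driver-not-loaded; fi
}

echo "$(uname -r): $(assess_host "$(uname -r)")"
```

An "unknown" result means the release belongs to a series this page does not list, so the vendor's own advisory decides.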
Metrics
- CVSS v3.1: 7.8
- Severity: HIGH
- Fixed in: 0
- Affected Products: 2
Fix available
- Linux / Linux: < c5dc30da990045105c9762248d23076223e7878a (from 225c7b1feef1b41170f7037a5b10a65cd8a42c54) · < 0dbd619716fb07b7de1acd64fec673ee6e1adde7 (from 225c7b1feef1b41170f7037a5b10a65cd8a42c54) · < e01b8c9286c470b71a38acd320106f2c4f2826a1 (from 225c7b1feef1b41170f7037a5b10a65cd8a42c54) · < 388617f44d81604a760742a0b5de292d411e63e3 (from 225c7b1feef1b41170f7037a5b10a65cd8a42c54) · < c54c7e4cb679c0aaa1cb489b9c3f2cd98e63a44c (from 225c7b1feef1b41170f7037a5b10a65cd8a42c54)
- Linux / Linux: 2.6.22 · Fixed in 0, 6.6.140, 6.12.88, 6.18.30, 7.0.7, 7.1-rc3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H