{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-46053", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.094Z", "datePublished": "2026-05-27T12:57:11.870Z", "dateUpdated": "2026-06-01T16:17:45.226Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-01T16:17:45.226Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rds: fix MR cleanup on copy error\n\n__rds_rdma_map() hands sg/pages ownership to the transport after\nget_mr() succeeds. If copying the generated cookie back to user space\nfails after that point, the error path must not free those resources\nagain before dropping the MR reference.\n\nRemove the duplicate unpin/free from the put_user() failure branch so\nthat MR teardown is handled only through the existing final cleanup\npath."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH"}}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/rds/rdma.c"], "versions": [{"version": "0d4597c8c5abdeeaf50774066c16683f30184dc8", "lessThan": "91a44b406bc1f9e1c5da0cb7d0d5991b43b79147", "status": "affected", "versionType": "git"}, {"version": "0d4597c8c5abdeeaf50774066c16683f30184dc8", "lessThan": "106dc689206610cfa2098f593fdd1e020c997835", "status": "affected", "versionType": "git"}, {"version": "0d4597c8c5abdeeaf50774066c16683f30184dc8", "lessThan": "ec55a86f7fba7d9111df94b9c11a4755ed492995", "status": "affected", "versionType": "git"}, {"version": "0d4597c8c5abdeeaf50774066c16683f30184dc8", "lessThan": "8fdbb6262a4a3ed44a0830a7793903b54bb27bdc", "status": "affected", "versionType": "git"}, {"version": "0d4597c8c5abdeeaf50774066c16683f30184dc8", "lessThan": "d95cea9298be1ba8876e3f156be96d3a492085ca", "status": "affected", "versionType": "git"}, {"version": "0d4597c8c5abdeeaf50774066c16683f30184dc8", "lessThan": "033370ffb3c9c0264d19f8ba9ef769523266589a", "status": "affected", "versionType": "git"}, {"version": "0d4597c8c5abdeeaf50774066c16683f30184dc8", "lessThan": "b3cb8cae530b2727d8245684148bb49425f6765c", "status": "affected", "versionType": "git"}, {"version": "0d4597c8c5abdeeaf50774066c16683f30184dc8", "lessThan": "8141a2dc70080eda1aedc0389ed2db2b292af5bd", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/rds/rdma.c"], "versions": [{"version": "5.6", "status": "affected"}, {"version": "0", "lessThan": "5.6", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.258", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.209", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.175", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.140", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.86", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.27", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.4", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "5.10.258"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "5.15.209"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "6.1.175"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "6.6.140"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "6.12.86"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "6.18.27"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "7.0.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "7.1-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/91a44b406bc1f9e1c5da0cb7d0d5991b43b79147"}, {"url": "https://git.kernel.org/stable/c/106dc689206610cfa2098f593fdd1e020c997835"}, {"url": "https://git.kernel.org/stable/c/ec55a86f7fba7d9111df94b9c11a4755ed492995"}, {"url": "https://git.kernel.org/stable/c/8fdbb6262a4a3ed44a0830a7793903b54bb27bdc"}, {"url": "https://git.kernel.org/stable/c/d95cea9298be1ba8876e3f156be96d3a492085ca"}, {"url": "https://git.kernel.org/stable/c/033370ffb3c9c0264d19f8ba9ef769523266589a"}, {"url": "https://git.kernel.org/stable/c/b3cb8cae530b2727d8245684148bb49425f6765c"}, {"url": "https://git.kernel.org/stable/c/8141a2dc70080eda1aedc0389ed2db2b292af5bd"}], "title": "net: rds: fix MR cleanup on copy error", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rds: fix MR cleanup on copy error\n\n__rds_rdma_map() hands sg/pages ownership to the transport after\nget_mr() succeeds. If copying the generated cookie back to user space\nfails after that point, the error path must not free those resources\nagain before dropping the MR reference.\n\nRemove the duplicate unpin/free from the put_user() failure branch so\nthat MR teardown is handled only through the existing final cleanup\npath."}], "id": "CVE-2026-46053", "lastModified": "2026-06-01T17:17:21.587", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "type": "Secondary"}]}, "published": "2026-05-27T14:17:24.937", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/033370ffb3c9c0264d19f8ba9ef769523266589a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/106dc689206610cfa2098f593fdd1e020c997835"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8141a2dc70080eda1aedc0389ed2db2b292af5bd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8fdbb6262a4a3ed44a0830a7793903b54bb27bdc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/91a44b406bc1f9e1c5da0cb7d0d5991b43b79147"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b3cb8cae530b2727d8245684148bb49425f6765c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d95cea9298be1ba8876e3f156be96d3a492085ca"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ec55a86f7fba7d9111df94b9c11a4755ed492995"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: net: rds: fix MR cleanup on copy error", "id": "2481966", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481966"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-763", "details": ["A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) network protocol. When handling memory registration (MR) cleanup, specifically during the process of copying generated cookies back to user space, an error in the cleanup path could lead to resources being freed multiple times. This incorrect resource handling could result in system instability or a denial of service."], "name": "CVE-2026-46053", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-05-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-46053\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-46053\nhttps://lore.kernel.org/linux-cve-announce/2026052754-CVE-2026-46053-a24e@gregkh/T"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[0d4597c8c5abdeeaf50774066c16683f30184dc8,8fdbb6262a4a3ed44a0830a7793903b54bb27bdc)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[0d4597c8c5abdeeaf50774066c16683f30184dc8,d95cea9298be1ba8876e3f156be96d3a492085ca)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[0d4597c8c5abdeeaf50774066c16683f30184dc8,033370ffb3c9c0264d19f8ba9ef769523266589a)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[0d4597c8c5abdeeaf50774066c16683f30184dc8,b3cb8cae530b2727d8245684148bb49425f6765c)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[0d4597c8c5abdeeaf50774066c16683f30184dc8,8141a2dc70080eda1aedc0389ed2db2b292af5bd)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5.6"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,5.6)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.140,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.86,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.27,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0.4,7.1.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.1-rc1,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "created": "2026-05-27T20:30:40.558435+00:00", "updated": "2026-05-30T12:45:23.680462+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}