CVE-2026-46189

Summary

In the Linux kernel, the following vulnerability has been resolved:

RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path

Sashiko points out that pvrdma_uar_free() is already called within pvrdma_dealloc_ucontext(), so calling it before triggers a double free.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1 < 269967d7693304e1f06ed2dff4ebbbeeb397cda4affected
LinuxLinux29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1 < 1df5711121cdc11e76b889408fdbe459feba1d39affected
LinuxLinux29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1 < 3a231c34c5bc3d3cfc850b877758ec9fdaa8a483affected
LinuxLinux29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1 < ecc36a82ecfcfdf3c6606d209f22ec5543c410e0affected
LinuxLinux29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1 < 45d25e3ec17900bf5a9d6876ff16ceee31c4c0e0affected
LinuxLinux29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1 < 0c63333ff97bd1275294fd12840a0efe9d7a4c59affected
LinuxLinux29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1 < 935ee27d0904aa944cbcc979094c20e5ef62eeadaffected
LinuxLinux29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1 < e38e86995df27f1f854063dab1f0c6a513db3fafaffected
LinuxLinux4.10affected
LinuxLinux0 < 4.10unaffected
LinuxLinux5.10.258 <= 5.10.*unaffected
LinuxLinux5.15.209 <= 5.15.*unaffected
LinuxLinux6.1.175 <= 6.1.*unaffected
LinuxLinux6.6.140 <= 6.6.*unaffected
LinuxLinux6.12.88 <= 6.12.*unaffected
LinuxLinux6.18.30 <= 6.18.*unaffected
LinuxLinux7.0.7 <= 7.0.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

ADP Enrichment

kernel: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path

Additional References

References