CVE-2026-46181
Description
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() Sashiko points out the radix_tree itself is RCU safe, but nothing ever frees the mlx4_srq struct with RCU, and it isn't even accessed within the RCU critical section. It also will crash if an event is delivered before the srq object is finished initializing. Use the spinlock since it isn't easy to make RCU work, use refcount_inc_not_zero() to protect against partially initialized objects, and order the refcount_set() to be after the srq is fully initialized.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | affected | |
| debian | bullseye | affected | |
| debian | forky | fixed | 7.0.7-1 |
| debian | sid | fixed | 7.0.7-1 |
| debian | trixie | affected | |
| sles | affected | |
References
- https://git.kernel.org/stable/c/1e2a44875b6afb4add1115f7f3351dcbeb6f273d
- https://git.kernel.org/stable/c/8b7833f3bce35cb0d01c1503781523c099c675f0
- https://git.kernel.org/stable/c/c9341307ea16b9395c2e4c9c94d8499d91fe31d0
- https://security-tracker.debian.org/tracker/CVE-2026-46181
- https://www.suse.com/security/cve/CVE-2026-46181.html
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.