{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-46189","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-05-13T15:03:33.104Z","datePublished":"2026-05-28T09:36:43.205Z","dateUpdated":"2026-07-09T12:09:53.939Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-06-14T18:01:23.441Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path\n\nSashiko points out that pvrdma_uar_free() is already called within\npvrdma_dealloc_ucontext(), so calling it before triggers a double free."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c"],"versions":[{"version":"29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1","lessThan":"269967d7693304e1f06ed2dff4ebbbeeb397cda4","status":"affected","versionType":"git"},{"version":"29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1","lessThan":"1df5711121cdc11e76b889408fdbe459feba1d39","status":"affected","versionType":"git"},{"version":"29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1","lessThan":"3a231c34c5bc3d3cfc850b877758ec9fdaa8a483","status":"affected","versionType":"git"},{"version":"29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1","lessThan":"ecc36a82ecfcfdf3c6606d209f22ec5543c410e0","status":"affected","versionType":"git"},{"version":"29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1","lessThan":"45d25e3ec17900bf5a9d6876ff16ceee31c4c0e0","status":"affected","versionType":"git"},{"version":"29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1","lessThan":"0c63333ff97bd1275294fd12840a0efe9d7a4c59","status":"affected","versionType":"git"},{"version":"29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1","lessThan":"935ee27d0904aa944cbcc979094c20e5ef62eead","status":"affected","versionType":"git"},{"version":"29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1","lessThan":"e38e86995df27f1f854063dab1f0c6a513db3faf","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c"],"versions":[{"version":"4.10","status":"affected"},{"version":"0","lessThan":"4.10","status":"unaffected","versionType":"semver"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","status":"unaffected","versionType":"semver"},{"version":"7.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"5.10.258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"5.15.209"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"6.1.175"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"6.6.140"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"6.12.88"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"6.18.30"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"7.0.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"7.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/269967d7693304e1f06ed2dff4ebbbeeb397cda4"},{"url":"https://git.kernel.org/stable/c/1df5711121cdc11e76b889408fdbe459feba1d39"},{"url":"https://git.kernel.org/stable/c/3a231c34c5bc3d3cfc850b877758ec9fdaa8a483"},{"url":"https://git.kernel.org/stable/c/ecc36a82ecfcfdf3c6606d209f22ec5543c410e0"},{"url":"https://git.kernel.org/stable/c/45d25e3ec17900bf5a9d6876ff16ceee31c4c0e0"},{"url":"https://git.kernel.org/stable/c/0c63333ff97bd1275294fd12840a0efe9d7a4c59"},{"url":"https://git.kernel.org/stable/c/935ee27d0904aa944cbcc979094c20e5ef62eead"},{"url":"https://git.kernel.org/stable/c/e38e86995df27f1f854063dab1f0c6a513db3faf"}],"title":"RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"affected":[{"cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream (v. 10)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream E4S (v.9.2)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream E4S (v.9.4)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream (v. 9)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS (v. 10)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS (v. 8)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:rhel_e4s:9.2::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.2)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:rhel_e4s:9.4::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.4)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux BaseOS (v. 9)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:8::crb"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux CRB (v. 8)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:9::crb"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time for NFV (v. 10)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:8::nfv"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux NFV (v. 8)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_e4s:9.2::nfv"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_e4s:9.4::nfv"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time for NFV E4S (v.9.4)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:9::nfv"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time for NFV (v. 9)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time (v. 10)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:8::realtime"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux RT (v. 8)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_e4s:9.2::realtime"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time E4S (v.9.2)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_e4s:9.4::realtime"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time E4S (v.9.4)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:9::realtime"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Real Time (v. 9)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"}],"datePublic":"2026-05-28T00:00:00.000Z","descriptions":[{"lang":"en","value":"A flaw was found in the Linux kernel, specifically within the RDMA (Remote Direct Memory Access) vmw_pvrdma module. This vulnerability is a double free, which means the system attempts to release the same memory resource twice. This can occur in an error handling path within the `pvrdma_alloc_ucontext()` function. Exploiting this flaw could lead to memory corruption or cause the system to become unavailable, resulting in a denial of service (DoS)."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-1341","description":"Multiple Releases of Same Resource or Handle","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-46189"},{"name":"RHBZ#2482588","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482588"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46189.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:33685"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:36073"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:36767"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:30848"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:33743"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:36049"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:35904"}],"solutions":[{"lang":"en","value":"RHSA-2026:33685: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"},{"lang":"en","value":"RHSA-2026:36073: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"},{"lang":"en","value":"RHSA-2026:36767: Red Hat Enterprise Linux AppStream E4S (v.9.4), Red Hat Enterprise Linux BaseOS E4S (v.9.4), Red Hat Enterprise Linux Real Time E4S (v.9.4), Red Hat Enterprise Linux Real Time for NFV E4S (v.9.4)"},{"lang":"en","value":"RHSA-2026:30848: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"},{"lang":"en","value":"RHSA-2026:33743: Red Hat Enterprise Linux BaseOS (v. 8), Red Hat Enterprise Linux CRB (v. 8)"},{"lang":"en","value":"RHSA-2026:36049: Red Hat Enterprise Linux NFV (v. 8), Red Hat Enterprise Linux RT (v. 8)"},{"lang":"en","value":"RHSA-2026:35904: Red Hat Enterprise Linux Real Time E4S (v.9.2), Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)"}],"timeline":[{"lang":"en","time":"2026-05-28T00:00:00.000Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-05-28T00:00:00.000Z","value":"Made public."}],"title":"kernel: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path","x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-07-09T12:09:53.939Z"}}]}}