CVE-2026-23289

In the Linux kernel, the following vulnerability has been resolved: IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq() Fix a user triggerable leak on the system call failure path.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/117942ca43e2e3c3d121faae530989931b7f67e1	Patch
https://git.kernel.org/stable/c/11ac61f4e9b7c48b0dd44661765e5ace3c441aa3	Patch
https://git.kernel.org/stable/c/72fcfd4df46f2ee684c4776664d0cfc6c1746c9a	Patch
https://git.kernel.org/stable/c/972b72d7e2d8fe1400f1c7a8304c282c539b7e02	Patch
https://git.kernel.org/stable/c/d0148965dbca8cc8efa7e3d6e99940487bf661c0	Patch
https://git.kernel.org/stable/c/da8eaa73bc37d004350ba68eb18b6ade8e49db52	Patch
https://git.kernel.org/stable/c/deee46b37ebd8cc5ff810127883fca90f2412a7b	Patch
https://git.kernel.org/stable/c/f67f1ad4029e9fa183141546de31987b254c9292	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::

History

29 May 2026, 15:22

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/117942ca43e2e3c3d121faae530989931b7f67e1 -~~	() https://git.kernel.org/stable/c/117942ca43e2e3c3d121faae530989931b7f67e1 - Patch
References	~~() https://git.kernel.org/stable/c/11ac61f4e9b7c48b0dd44661765e5ace3c441aa3 -~~	() https://git.kernel.org/stable/c/11ac61f4e9b7c48b0dd44661765e5ace3c441aa3 - Patch
References	~~() https://git.kernel.org/stable/c/72fcfd4df46f2ee684c4776664d0cfc6c1746c9a -~~	() https://git.kernel.org/stable/c/72fcfd4df46f2ee684c4776664d0cfc6c1746c9a - Patch
References	~~() https://git.kernel.org/stable/c/972b72d7e2d8fe1400f1c7a8304c282c539b7e02 -~~	() https://git.kernel.org/stable/c/972b72d7e2d8fe1400f1c7a8304c282c539b7e02 - Patch
References	~~() https://git.kernel.org/stable/c/d0148965dbca8cc8efa7e3d6e99940487bf661c0 -~~	() https://git.kernel.org/stable/c/d0148965dbca8cc8efa7e3d6e99940487bf661c0 - Patch
References	~~() https://git.kernel.org/stable/c/da8eaa73bc37d004350ba68eb18b6ade8e49db52 -~~	() https://git.kernel.org/stable/c/da8eaa73bc37d004350ba68eb18b6ade8e49db52 - Patch
References	~~() https://git.kernel.org/stable/c/deee46b37ebd8cc5ff810127883fca90f2412a7b -~~	() https://git.kernel.org/stable/c/deee46b37ebd8cc5ff810127883fca90f2412a7b - Patch
References	~~() https://git.kernel.org/stable/c/f67f1ad4029e9fa183141546de31987b254c9292 -~~	() https://git.kernel.org/stable/c/f67f1ad4029e9fa183141546de31987b254c9292 - Patch
CPE		cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Linux Linux linux Kernel
CWE		NVD-CWE-noinfo

18 Apr 2026, 09:16

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/11ac61f4e9b7c48b0dd44661765e5ace3c441aa3 - () https://git.kernel.org/stable/c/72fcfd4df46f2ee684c4776664d0cfc6c1746c9a -
Summary		(es) En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: IB/mthca: Añadir mthca_unmap_user_db() que se había omitido para mthca_create_srq() Corregir una fuga activable por el usuario en la ruta de fallo de la llamada al sistema.

25 Mar 2026, 11:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-25 11:16

Updated : 2026-05-29 15:22

NVD link : CVE-2026-23289

Mitre link : CVE-2026-23289

CVE.ORG link : CVE-2026-23289

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

5.5 /10