CVE-2026-23289 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq()

Fix a user triggerable leak on the system call failure path.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00032.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`ec34a922d243c3401a694450734e9effb2bafbfe`	affected	< 11ac61f4e9b7c48b0dd44661765e5ace3c441aa3
`ec34a922d243c3401a694450734e9effb2bafbfe`	affected	< 72fcfd4df46f2ee684c4776664d0cfc6c1746c9a
`ec34a922d243c3401a694450734e9effb2bafbfe`	affected	< f67f1ad4029e9fa183141546de31987b254c9292
`ec34a922d243c3401a694450734e9effb2bafbfe`	affected	< d0148965dbca8cc8efa7e3d6e99940487bf661c0
`ec34a922d243c3401a694450734e9effb2bafbfe`	affected	< da8eaa73bc37d004350ba68eb18b6ade8e49db52
`ec34a922d243c3401a694450734e9effb2bafbfe`	affected	< deee46b37ebd8cc5ff810127883fca90f2412a7b
`ec34a922d243c3401a694450734e9effb2bafbfe`	affected	< 972b72d7e2d8fe1400f1c7a8304c282c539b7e02
`ec34a922d243c3401a694450734e9effb2bafbfe`	affected	< 117942ca43e2e3c3d121faae530989931b7f67e1

Linux

affected

Version	Status	Constraints
`2.6.14`	affected	—
`0`	unaffected	< 2.6.14
`5.10.253`	unaffected	≤ 5.10.*
`5.15.203`	unaffected	≤ 5.15.*
`6.1.167`	unaffected	≤ 6.1.*
`6.6.130`	unaffected	≤ 6.6.*
`6.12.77`	unaffected	≤ 6.12.*
`6.18.17`	unaffected	≤ 6.18.*
`6.19.7`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/117942ca43e2e3c3d121faae530989931b7f67e1
https://git.kernel.org/stable/c/11ac61f4e9b7c48b0dd44661765e5ace3c441aa3
https://git.kernel.org/stable/c/72fcfd4df46f2ee684c4776664d0cfc6c1746c9a
https://git.kernel.org/stable/c/972b72d7e2d8fe1400f1c7a8304c282c539b7e02
https://git.kernel.org/stable/c/d0148965dbca8cc8efa7e3d6e99940487bf661c0
https://git.kernel.org/stable/c/da8eaa73bc37d004350ba68eb18b6ade8e49db52
https://git.kernel.org/stable/c/deee46b37ebd8cc5ff810127883fca90f2412a7b
https://git.kernel.org/stable/c/f67f1ad4029e9fa183141546de31987b254c9292
https://lore.kernel.org/linux-cve-announce/2026032524-CVE-2026-23289-aa54@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-23289
https://www.cve.org/CVERecord?id=CVE-2026-23289

History

Sat, 18 Apr 2026 09:15:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/11ac61f4e9b7c48b0dd44661765e5ace3c441aa3 https://git.kernel.org/stable/c/72fcfd4df46f2ee684c4776664d0cfc6c1746c9a

Thu, 26 Mar 2026 12:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-200

Thu, 26 Mar 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-772
References		https://lore.kernel.org/linux-cve-announce/2026032524-CVE-2026-23289-aa54@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-23289 https://www.cve.org/CVERecord?id=CVE-2026-23289
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Wed, 25 Mar 2026 22:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-200

Wed, 25 Mar 2026 10:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq() Fix a user triggerable leak on the system call failure path.
Title		IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/117942ca43e2e3c3d121faae530989931b7f67e1 https://git.kernel.org/stable/c/972b72d7e2d8fe1400f1c7a8304c282c539b7e02 https://git.kernel.org/stable/c/d0148965dbca8cc8efa7e3d6e99940487bf661c0 https://git.kernel.org/stable/c/da8eaa73bc37d004350ba68eb18b6ade8e49db52 https://git.kernel.org/stable/c/deee46b37ebd8cc5ff810127883fca90f2412a7b https://git.kernel.org/stable/c/f67f1ad4029e9fa183141546de31987b254c9292

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-03-25T10:26:48.207Z

Updated: 2026-04-18T08:57:39.473Z

Reserved: 2026-01-13T15:37:45.992Z

Link: CVE-2026-23289

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-03-25T11:16:23.887

Modified: 2026-04-18T09:16:16.707

Link: CVE-2026-23289

Redhat

Severity : Low

Publid Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23289 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-27T09:50:16Z

Weaknesses

CWE-772

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object