In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix double free related to rereg_user_mr If IB_MR_REREG_TRANS is set during rereg_user_mr, the umem will be released and a new one will be allocated in irdma_rereg_mr_trans. If any step of irdma_rereg_mr_trans fails after the new umem is allocated, it releases the umem, but does not set iwmr->region to NULL. The problem is that this failure is propagated to the user, who will then call ibv_dereg_mr (as they should). Then, the dereg_mr path will see a non-NULL umem and attempt to call ib_umem_release again. Fix this by setting iwmr->region to NULL after ib_umem_release. Fixed: 5ac388db27c4 ("RDMA/irdma: Add support to re-register a memory region")

A flaw was found in the Linux kernel's RDMA (Remote Direct Memory Access) irdma driver. This vulnerability, a double free, occurs during the re-registration of user memory regions. If an internal memory re-registration operation fails, the system attempts to free the same memory twice. This could allow a local attacker to cause memory corruption, potentially leading to a system crash (denial of service).

Red Hat Enterprise Linux 10 Affected kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Affected kernel Red Hat Enterprise Linux 8 Affected kernel-rt Red Hat Enterprise Linux 9 Affected kernel Red Hat Enterprise Linux 9 Affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-43120 https://nvd.nist.gov/vuln/detail/CVE-2026-43120 https://lore.kernel.org/linux-cve-announce/2026050628-CVE-2026-43120-80f4@gregkh/T