In the Linux kernel, the following vulnerability has been resolved: net: rds: fix MR cleanup on copy error __rds_rdma_map() hands sg/pages ownership to the transport after get_mr() succeeds. If copying the generated cookie back to user space fails after that point, the error path must not free those resources again before dropping the MR reference. Remove the duplicate unpin/free from the put_user() failure branch so that MR teardown is handled only through the existing final cleanup path.

A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) network protocol. When handling memory registration (MR) cleanup, specifically during the process of copying generated cookies back to user space, an error in the cleanup path could lead to resources being freed multiple times. This incorrect resource handling could result in system instability or a denial of service.

Red Hat Enterprise Linux 10 Not affected kernel Red Hat Enterprise Linux 6 Under investigation kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Not affected kernel Red Hat Enterprise Linux 8 Not affected kernel-rt Red Hat Enterprise Linux 9 Not affected kernel Red Hat Enterprise Linux 9 Not affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-46053 https://nvd.nist.gov/vuln/detail/CVE-2026-46053 https://lore.kernel.org/linux-cve-announce/2026052754-CVE-2026-46053-a24e@gregkh/T