CVE-2026-46036
mediumVulnerability Report
Generated by CyberWatcher
Description
A flaw was found in the Linux kernel's vfio/cdx component. A race condition can occur during concurrent VFIO_DEVICE_SET_IRQS ioctls (input/output control calls), specifically within the vfio_cdx_set_msi_trigger() function. This allows two callers to interact in a way that leads to a use-after-free vulnerability of the cdx_irqs array. A local attacker could exploit this to cause a denial of service or potentially achieve privilege escalation.
CWE
CWE-820Affected Products
Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9