CVE-2026-46036

medium Red Hat
Published: May 27, 2026 (44 days ago)
Last Modified: May 27, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in the Linux kernel's vfio/cdx component. A race condition can occur during concurrent VFIO_DEVICE_SET_IRQS ioctls (input/output control calls), specifically within the vfio_cdx_set_msi_trigger() function. This allows two callers to interact in a way that leads to a use-after-free vulnerability of the cdx_irqs array. A local attacker could exploit this to cause a denial of service or potentially achieve privilege escalation.

CWE

CWE-820

Affected Products

Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9

References