📄 Description (English)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/irdma: Fix double free related to rereg_user_mr
If IB_MR_REREG_TRANS is set during rereg_user_mr, the
umem will be released and a new one will be allocated
in irdma_rereg_mr_trans. If any step of irdma_rereg_mr_trans
fails after the new umem is allocated, it releases the umem,
but does not set iwmr->region to NULL. The problem is that
this failure is propagated to the user, who will then call
ibv_dereg_mr (as they should). Then, the dereg_mr path will
see a non-NULL umem and attempt to call ib_umem_release again.
Fix this by setting iwmr->region to NULL after ib_umem_release.
Fixed: 5ac388db27c4 ("RDMA/irdma: Add support to re-register a memory region")
🤖 AI Executive Summary
CVE-2026-43120 is a double-free vulnerability in the Linux kernel's RDMA/irdma driver affecting memory region re-registration operations. When IB_MR_REREG_TRANS is set and irdma_rereg_mr_trans fails after allocating new memory, the iwmr->region pointer is not nullified, leading to a second release attempt during deregistration. This can cause kernel memory corruption, denial of service, or potential privilege escalation on affected systems.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 13, 2026 02:34
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi organizations running RDMA-enabled infrastructure, particularly: (1) Banking sector (SAMA-regulated institutions) utilizing high-performance computing for financial modeling and risk analysis; (2) Government entities (NCA oversight) operating data centers with RDMA networking; (3) Energy sector (ARAMCO, SEC) using RDMA for real-time data processing in industrial control systems; (4) Telecommunications (STC, Mobily) deploying RDMA in data center interconnects. The double-free vulnerability could lead to kernel crashes, data corruption, or privilege escalation affecting critical infrastructure availability and data integrity.
🏢 Affected Saudi Sectors
Banking and Financial Services
Government and Public Administration
Energy and Utilities
Telecommunications
Healthcare
Data Centers and Cloud Infrastructure
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
7.2
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Identify systems running Linux kernel versions 5.x through 7.0-rc5 with RDMA/irdma driver enabled
2. Check for active RDMA memory region re-registration operations in production environments
3. Implement kernel module blacklisting for irdma if RDMA is not essential
Patching Guidance:
1. Apply Linux kernel patch commit 5ac388db27c4 or later stable kernel version
2. Prioritize patching for systems handling real-time RDMA operations
3. Test patches in staging environment before production deployment
4. Schedule maintenance windows for kernel updates with minimal service disruption
Compensating Controls (if immediate patching unavailable):
1. Disable RDMA memory region re-registration features at application level
2. Implement strict access controls limiting RDMA operations to trusted processes
3. Monitor kernel logs for memory corruption indicators (kernel panics, segmentation faults)
4. Deploy kernel address space layout randomization (ASLR) and stack canaries
Detection Rules:
1. Monitor for kernel panic messages containing 'irdma' or 'RDMA' in system logs
2. Alert on repeated ib_umem_release calls for same memory region within short timeframe
3. Track failed IB_MR_REREG_TRANS operations followed by ibv_dereg_mr calls
4. Monitor kernel memory allocation/deallocation patterns for double-free signatures
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد الأنظمة التي تقوم بتشغيل إصدارات نواة Linux من 5.x إلى 7.0-rc5 مع تمكين برنامج تشغيل RDMA/irdma
2. التحقق من عمليات إعادة تسجيل منطقة ذاكرة RDMA النشطة في بيئات الإنتاج
3. تنفيذ إدراج وحدة النواة في القائمة السوداء لـ irdma إذا لم تكن RDMA ضرورية
إرشادات التصحيح:
1. تطبيق تصحيح نواة Linux commit 5ac388db27c4 أو إصدار نواة مستقرة أحدث
2. إعطاء الأولوية لتصحيح الأنظمة التي تتعامل مع عمليات RDMA في الوقت الفعلي
3. اختبار التصحيحات في بيئة التجميع قبل نشرها في الإنتاج
4. جدولة نوافذ الصيانة لتحديثات النواة مع الحد الأدنى من انقطاع الخدمة
الضوابط التعويضية (إذا لم يكن التصحيح الفوري متاحاً):
1. تعطيل ميزات إعادة تسجيل منطقة ذاكرة RDMA على مستوى التطبيق
2. تنفيذ ضوابط وصول صارمة تحد من عمليات RDMA للعمليات الموثوقة
3. مراقبة سجلات النواة للكشف عن مؤشرات تلف الذاكرة (أعطال النواة، أخطاء التجزئة)
4. نشر عشوائية تخطيط مساحة العنوان للنواة (ASLR) وحماية المكدس
قواعد الكشف:
1. مراقبة رسائل أعطال النواة التي تحتوي على 'irdma' أو 'RDMA' في سجلات النظام
2. التنبيه على استدعاءات ib_umem_release المتكررة لنفس منطقة الذاكرة في إطار زمني قصير
3. تتبع عمليات IB_MR_REREG_TRANS الفاشلة متبوعة باستدعاءات ibv_dereg_mr
4. مراقبة أنماط تخصيص/إلغاء تخصيص ذاكرة النواة للتوقيعات المزدوجة الحرة
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.12.6.1 - Management of technical vulnerabilities in systems
ECC 2024 A.14.2.1 - Secure development policy and procedures
ECC 2024 A.12.3.1 - Installation of software on operational systems
🔵 SAMA CSF
SAMA CSF ID.BE-5.1 - Cybersecurity risk management strategy
SAMA CSF PR.IP-12 - A vulnerability management plan is developed and implemented
SAMA CSF DE.CM-8 - Vulnerability scans are performed
🟡 ISO 27001:2022
ISO 27001:2022 A.12.3.1 - Installation of software on operational systems
ISO 27001:2022 A.14.2.1 - Secure development policy and procedures
ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities
🟣 PCI DSS v4.0.1
PCI DSS 6.2 - Ensure that all system components and software are protected from known vulnerabilities
🔗 References & Sources 5
🔗
https://git.kernel.org/stable/c/0c5d70bcb9d2275a1c8515a924016fcfeb4ab441
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
🔗
https://git.kernel.org/stable/c/0f22c32141acdcda266b26cab2b830baf870f3e0
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
🔗
https://git.kernel.org/stable/c/29a3edd7004bb635d299fb9bc6f0ea4ef13ed5a2
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
🔗
https://git.kernel.org/stable/c/62298a48f8b8788ad8b8464e6ffdf1ddebd2217e
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
🔗
https://git.kernel.org/stable/c/66964118f1f50ed85001c8fc9f7ab5bbdd021ee0
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
📦 Affected Products / CPE 9 entries
linux:linux_kernel
linux:linux_kernel
linux:linux_kernel
linux:linux_kernel
linux:linux_kernel:7.0
linux:linux_kernel:7.0
linux:linux_kernel:7.0
linux:linux_kernel:7.0
linux:linux_kernel:7.0