📄 Description (English)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/umem: Fix double dma_buf_unpin in failure path
In ib_umem_dmabuf_get_pinned_with_dma_device(), the call to
ib_umem_dmabuf_map_pages() can fail. If this occurs, the dmabuf
is immediately unpinned but the umem_dmabuf->pinned flag is still
set. Then, when ib_umem_release() is called, it calls
ib_umem_dmabuf_revoke() which will call dma_buf_unpin() again.
Fix this by removing the immediate unpin upon failure and just let
the ib_umem_release/revoke path handle it. This also ensures the
proper unmap-unpin unwind ordering if the dmabuf_map_pages call
happened to fail due to dma_resv_wait_timeout (and therefore has
a non-NULL umem_dmabuf->sgt).
🤖 AI Executive Summary
CVE-2026-43128 is a double-free vulnerability in the Linux kernel's RDMA/umem subsystem affecting DMA buffer management. The flaw occurs when ib_umem_dmabuf_map_pages() fails, causing improper cleanup that leads to a second unpin attempt during resource release. This can cause kernel crashes, memory corruption, or potential privilege escalation on systems using RDMA over DMA buffers.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 10, 2026 19:20
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi organizations running high-performance computing (HPC) clusters, data centers, and research institutions utilizing RDMA technology. Critical sectors affected include: ARAMCO (upstream/downstream computing infrastructure), KAUST (research computing), Saudi Aramco Energy Ventures (data processing), telecommunications providers (STC, Mobily) using RDMA for network optimization, and government data centers under NCA oversight. Financial institutions (SAMA-regulated banks) using RDMA-accelerated trading systems face potential service disruption and data integrity risks.
🏢 Affected Saudi Sectors
Energy (ARAMCO, oil/gas infrastructure)
Government (NCA-regulated entities, data centers)
Research & Academia (KAUST, universities)
Telecommunications (STC, Mobily, Zain)
Banking & Finance (SAMA-regulated institutions)
Healthcare (MNGHA, private hospitals with HPC)
Data Centers & Cloud Providers
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
7.2
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Identify all Linux systems running kernel versions 7.0-rc1 and earlier with RDMA/umem modules enabled
2. Check system logs for RDMA-related errors or kernel panics
3. Disable RDMA services if not critical until patching is completed
Patching Guidance:
1. Apply the latest stable Linux kernel patch that includes the RDMA/umem double-unpin fix
2. Prioritize patching for systems with active RDMA workloads
3. Test patches in non-production environments first
4. Schedule maintenance windows for kernel updates with minimal service impact
Compensating Controls (if immediate patching unavailable):
1. Implement strict access controls to RDMA-enabled interfaces
2. Monitor kernel logs for dma_buf_unpin errors and memory corruption indicators
3. Isolate RDMA workloads to dedicated, monitored systems
4. Implement memory protection mechanisms (SMEP, SMAP if available)
Detection Rules:
1. Monitor for kernel panic messages containing 'dma_buf_unpin' or 'ib_umem_dmabuf'
2. Alert on repeated RDMA allocation/deallocation failures
3. Track kernel memory corruption indicators in dmesg
4. Monitor for unexpected process terminations on RDMA-enabled systems
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع أنظمة Linux التي تعمل بإصدارات kernel 7.0-rc1 وأقدم مع تفعيل وحدات RDMA/umem
2. فحص سجلات النظام للأخطاء المتعلقة بـ RDMA أو انهيارات kernel
3. تعطيل خدمات RDMA إذا لم تكن حرجة حتى يتم تطبيق التصحيحات
إرشادات التصحيح:
1. تطبيق أحدث تصحيح kernel مستقر يتضمن إصلاح double-unpin في RDMA/umem
2. إعطاء الأولوية لتصحيح الأنظمة ذات أحمال عمل RDMA النشطة
3. اختبار التصحيحات في بيئات غير الإنتاج أولاً
4. جدولة نوافذ الصيانة لتحديثات kernel بأقل تأثير على الخدمة
الضوابط البديلة (إذا لم يكن التصحيح الفوري متاحاً):
1. تنفيذ ضوابط وصول صارمة لواجهات RDMA
2. مراقبة سجلات kernel لأخطاء dma_buf_unpin ومؤشرات تلف الذاكرة
3. عزل أحمال عمل RDMA على أنظمة مخصصة ومراقبة
4. تنفيذ آليات حماية الذاكرة (SMEP, SMAP إن أمكن)
قواعد الكشف:
1. مراقبة رسائل انهيار kernel التي تحتوي على 'dma_buf_unpin' أو 'ib_umem_dmabuf'
2. التنبيه على فشل تخصيص/إلغاء تخصيص RDMA المتكرر
3. تتبع مؤشرات تلف ذاكرة kernel في dmesg
4. مراقبة إنهاء العمليات غير المتوقعة على الأنظمة المفعلة لـ RDMA
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.12.6.1 - Management of technical vulnerabilities
ECC 2024 A.14.2.1 - Secure development policy
ECC 2024 A.12.2.1 - Monitoring and logging
🔵 SAMA CSF
ID.RA-1 - Asset management and vulnerability identification
PR.IP-12 - System security configuration and patch management
DE.CM-3 - Monitoring and detection of anomalies
🟡 ISO 27001:2022
A.12.6.1 - Management of technical vulnerabilities
A.14.2.1 - Secure development and change management
A.12.4.1 - Event logging and monitoring
🟣 PCI DSS v4.0.1
Requirement 6.2 - Security patches and updates
Requirement 11.2 - Vulnerability scanning
🔗 References & Sources 6
🔗
https://git.kernel.org/stable/c/104016eb671e19709721c1b0048dd912dc2e96be
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
🔗
https://git.kernel.org/stable/c/40126bcbefa79ea86672e05dae608596bab38319
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
🔗
https://git.kernel.org/stable/c/70542b69abff34d24b11ae0bb200cc7a766d18df
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
🔗
https://git.kernel.org/stable/c/b324327ff6f48d8065dca67eb3b91357e72726bd
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
🔗
https://git.kernel.org/stable/c/ba3bf0f1bf1d5d0404678485e872980532fcc2c4
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
🔗
https://git.kernel.org/stable/c/d3e32e2f3262f1b25d77c085ace38e2cc4ad75cf
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
📦 Affected Products / CPE 6 entries
linux:linux_kernel
linux:linux_kernel
linux:linux_kernel
linux:linux_kernel
linux:linux_kernel
linux:linux_kernel:7.0