External risk intelligence

Linux Kernel RDMA Vulnerability Allows Packet Underflow

CVE advisorySeverity: CRITICAL (CVSS 9.1)

CVE-2026-46043

A vulnerability in the Linux kernel's RDMA component could allow specially crafted network packets to cause an integer underflow, potentially leading to system instability or unauthorized data access. This issue stems from insufficient validation of packet lengths and padding during data reception.

2Halo Surface Signal

Linux Kernel

4.8 to before 5.10.2585.11 to before 5.15.2095.16 to before 6.1.1756.2 to before 6.6.1406.7 to before 6.12.866.13 to before 6.18.276.19 to before 7.0.4

External exposure likelihood

Halo Surface Signal score for CVE-2026-46043

The vulnerability exists in the Linux kernel's RDMA (Remote Direct Memory Access) implementation. RDMA/RoCE protocols are specialized high-performance interconnects typically used in private data center fabrics or internal cluster networks, not directly exposed to the public internet.

PCI scan relevance

PCI Relevance for CVE-2026-46043

No

CVE-2026-46043 — Halo PCI Relevance: No. Under typical PCI ASV criteria, this issue is not expected to affect external scan prioritization.

This Linux kernel vulnerability is a denial-of-service flaw and does not directly impact the confidentiality or integrity of cardholder data, thus it is not considered relevant for PCI ASV scan failures.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Horizon Alert

Summary of the vulnerability and why it matters

This advisory addresses a flaw in the Linux kernel's handling of network data reception, specifically within the RDMA/rxe component. The issue could allow for incorrect processing of data lengths, potentially leading to system instability or unauthorized data access if exploited. The main concern is confirming relevance and exposure.

  • A Linux kernel flaw affects data handling.
  • It could lead to system instability or data access.
  • Confirm if this impacts our Linux systems.

Attack Path

How an attacker could exploit the issue

An attacker could send specially crafted network packets to a Linux system utilizing RDMA over Converged Ethernet (RoCE). The system's network processing component would then miscalculate the size of the incoming data. This miscalculation could allow the attacker to trigger the vulnerability, potentially leading to unauthorized data access or denial of service.

  • Requires network access.
  • Packet manipulation triggers underflow.
  • Data corruption or denial of service.

Live Threat

Current exploitation, exposure, and threat context

The Linux kernel's RDMA implementation could be susceptible to an integer underflow when processing incoming packets. This occurs because the system does not sufficiently validate packet lengths and padding before calculating the payload size, potentially leading to unexpected behavior or crashes.

  • Network packet processing.
  • Maliciously crafted packets can be sent.
  • Unpredictable service behavior or crashes.

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability in the Linux kernel's RDMA (Remote Direct Memory Access) implementation, specifically within the `rxe_rcv` function, impacts systems utilizing RDMA/RoCE. Infrastructure or platform teams responsible for managing the Linux kernel and its networking components are likely owners. The immediate first step should be to identify all systems running affected kernel versions and assess their exposure to potential attack vectors, particularly those that might be reachable by untrusted input through RDMA-enabled network paths.

  • Linux kernel and infrastructure teams.
  • Confirm RDMA reachability and critical systems.
  • Plan kernel maintenance for affected systems.

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Free EASM Trial See How Signal Works

Frequently asked questions

What is the RDMA/rxe component in the Linux kernel?

The RDMA/rxe component is the software implementation of the Remote Direct Memory Access (RDMA) protocol suite within the Linux kernel. It allows systems to transfer data directly between memory regions across a network, bypassing much of the operating system's standard networking stack to achieve very high performance and low latency. It is commonly used in high-speed data center fabrics, storage clusters, and high-performance computing environments.

What is the vulnerability in CVE-2026-46043?

This vulnerability is an integer underflow flaw occurring during network packet processing. It happens when the software incorrectly calculates the size of a data payload. By providing a specially crafted packet with misleading length or padding values, an attacker can cause the kernel to compute a negative size, which leads to improper memory handling and potential system instability.

How can an attacker trigger this kernel flaw?

An attacker triggers this by sending a malformed network packet to a system using the RDMA/rxe component. The vulnerability is specifically caused by insufficient validation of packet lengths; simply sending valid or standard traffic will not trigger the bug. It requires an intentionally crafted packet designed to force the kernel's payload calculation to underflow.

Is my system at risk according to Halo Surface Signal?

Halo Surface Signal identifies this risk as unlikely for systems directly exposed to the public internet. RDMA and RoCE protocols are typically confined to private data center fabrics or isolated internal cluster networks. Because these specialized protocols are rarely reachable from the public internet, the practical surface area for such attacks is generally restricted to internal network segments.

What should I do if my systems use affected kernels?

Start by identifying all infrastructure running the versions of the Linux kernel listed in the advisory. Once identified, evaluate which of those systems participate in RDMA-enabled network paths. Prioritize these systems for kernel updates, as the recommended path to resolve this issue is to apply the security patches provided by your Linux distribution or upstream kernel maintainers.

References

Sources and related resources

Primary sources: NVD, CVE.org.

NVDPublished Modified