External risk intelligence

Linux Kernel RDMA iova-to-va Conversion Flaw

CVE advisory

Severity: CRITICAL (CVSS 9.8)

CVE-2026-46325

A vulnerability in the Linux kernel's RDMA subsystem could cause incorrect memory conversions when handling memory regions with non-standard page sizes. This could lead to system instability if reachable. The issue impacts the integrity of system memory mapping during RDMA operations.

1Halo Surface Signal

External exposure likelihood

Halo Surface Signal score for CVE-2026-46325

This vulnerability is located deep within the Linux kernel's RDMA (Remote Direct Memory Access) subsystem, specifically related to memory registration (MR) handling. RDMA is a low-level, high-performance networking protocol typically restricted to isolated data center fabrics or high-speed internal cluster interconnects, not exposed to the public internet.

PCI scan relevance

PCI Relevance for CVE-2026-46325

No

CVE-2026-46325 — Halo PCI Relevance: No. Under typical PCI ASV criteria, this issue is not expected to affect external scan prioritization.

This vulnerability in the Linux kernel's RDMA subsystem does not appear to be relevant to PCI scans as it relates to specific memory management for RDMA operations rather than direct card interaction.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Horizon Alert

Summary of the vulnerability and why it matters

A vulnerability in the Linux kernel's RDMA subsystem could lead to incorrect memory conversions, potentially causing system instability. This issue arises when handling memory regions with page sizes that differ from the system's standard page size.

  • Kernel memory conversion errors identified.
  • Confirms relevance and exposure of this low-level kernel issue.
  • Understand kernel memory handling for diverse systems.

Attack Path

How an attacker could exploit the issue

An attacker could potentially trigger this vulnerability by sending specially crafted RDMA network traffic. This would involve interacting with the Linux kernel's RDMA subsystem, specifically targeting memory regions (MRs) that have page sizes differing from the system's standard page size. Successful exploitation could lead to unpredictable behavior, including system instability or crashes.

  • Requires access to the RDMA subsystem.
  • Triggered by incorrect memory region page size handling.
  • Could lead to kernel panic and system instability.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability affects how the Linux kernel converts virtual addresses used by RDMA Memory Regions (MRs) to physical addresses, specifically when the MR's page size differs from the system's page size. This misconversion could lead to unexpected behavior or data corruption under specific conditions related to RDMA operations.

  • System memory mapping integrity.
  • Incorrect address translation during RDMA operations.
  • Potential for kernel instability or data corruption.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Given that this vulnerability resides within the Linux kernel's RDMA (Remote Direct Memory Access) subsystem, it is unlikely to be directly exposed to external networks. The primary responsibility for addressing this issue likely falls on the infrastructure or platform teams managing the systems that utilize RDMA. The first practical step is to identify any systems using RDMA with custom memory page sizes, confirm their business criticality and network exposure, and then engage the platform or infrastructure owner to plan remediation, potentially involving vendor coordination for kernel updates.

  • Infrastructure or platform teams own the issue.
  • Verify RDMA usage and custom page size configurations.
  • Plan kernel updates or vendor engagement for remediation.

Frequently asked questions

What is the Linux kernel RDMA/rxe component?

The RDMA/rxe component is a software implementation of Remote Direct Memory Access within the Linux kernel. It allows high-speed, low-latency data communication between computers by enabling direct access to memory across a network. It is primarily used in data centers and high-performance computing clusters to bypass traditional networking overhead.

What does CVE-2026-46325 mean for memory handling?

This CVE describes a logic error during memory address translation. Specifically, it involves an incorrect conversion between input/output virtual addresses (iova) and actual virtual addresses (va) when the memory region's page size does not match the system's standard page size. This mismatch can lead to incorrect memory mapping, potentially causing system crashes or kernel panics.

How is this RDMA/rxe vulnerability triggered?

The flaw is triggered when the kernel processes RDMA operations involving memory regions configured with page sizes that differ from the system default. It is not triggered by standard network traffic that does not utilize these specific memory registration configurations. Successful interaction requires the attacker to send specially crafted RDMA traffic that exploits these specific address translation inconsistencies.

Is my system at risk according to Halo Surface Signal?

Halo Surface Signal identifies this vulnerability as very unlikely to be exposed to the public internet. Because the RDMA subsystem is a low-level, high-performance protocol, it is typically restricted to isolated data center fabrics or internal high-speed cluster interconnects rather than public-facing interfaces.

What should I do to address this kernel issue?

Begin by identifying which servers or clusters in your environment are actively using RDMA with custom memory page sizes. Prioritize those systems for review based on their role and business impact. Coordinate with your platform or infrastructure team to plan for testing and applying the necessary kernel updates provided by your distribution vendor to resolve the memory conversion defect.
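The identification step described here and under "Operational Fix" can start with a per-host check like the following. This is an added example, not part of the original advisory or any vendor tooling. The optional sysfs-root argument is a hypothetical hook for testing, and treating a `parent` attribute under `/sys/class/infiniband/<dev>/` as the marker of an rxe device is an assumption about the rxe driver's sysfs layout.

```shell
#!/bin/sh
# Added example: per-host inventory of Soft-RoCE (rdma_rxe) usage.
# The optional root argument (default /sys) is a hypothetical hook so the
# functions can be pointed at a copied or constructed sysfs tree.

# Print "yes" when the rdma_rxe driver is present (loaded or built in).
rxe_driver_present() {
    root="${1:-/sys}"
    if [ -d "$root/module/rdma_rxe" ]; then echo yes; else echo no; fi
}

# Print one line per rxe device: "<ibdev> <netdev>".
# Assumption: rxe devices expose a "parent" attribute naming their netdev;
# hardware RDMA devices without that attribute are skipped.
rxe_devices() {
    root="${1:-/sys}"
    for dev in "$root"/class/infiniband/*; do
        [ -r "$dev/parent" ] || continue
        printf '%s %s\n' "${dev##*/}" "$(cat "$dev/parent")"
    done
}

# Classify the host for the remediation queue:
#   IN-USE       at least one rxe device is configured
#   LOADED-IDLE  driver present but no rxe device exists
#   NOT-PRESENT  driver not present on this host
rxe_triage() {
    root="${1:-/sys}"
    if [ -n "$(rxe_devices "$root")" ]; then
        echo "IN-USE"
    elif [ "$(rxe_driver_present "$root")" = yes ]; then
        echo "LOADED-IDLE"
    else
        echo "NOT-PRESENT"
    fi
}

# Report for the local host: kernel release, triage state, rxe devices.
echo "kernel=$(uname -r) rxe=$(rxe_triage)"
rxe_devices
```

The check only establishes whether rxe is in use on the host; memory-region page sizes are chosen per registration and are not visible here, so hosts reported as IN-USE still need review with the platform owner.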
