Linux Kernel RDMA/iwcm Workqueue Corruption Flaw Patched as CVE-2026-45898
SUSE and upstream kernel maintainers disclosed CVE-2026-45898, an important Linux kernel flaw in the RDMA/iwcm subsystem that can corrupt internal workqueue lists and trigger a kernel BUG. The issue was introduced by commit e1168f0, which allowed unique struct iwcm_work items drawn from a free list to be queued more than once through unconditional queue_work() calls, creating duplicate work entries and list_del corruption under load.
The fix removes the redundant work_list, relying on the kernel workqueue subsystem’s native tracking instead. The bug was reproduced during stress testing with ucmatose on an Intel E830 adapter in iWARP mode, and SUSE assigned the vulnerability an important severity rating, citing CVSS v3.1 scores up to 9.8 and a SUSE CVSS v4 score of 7.3. SUSE has issued multiple advisories and updated packages across SLES, SL Micro, and openSUSE Leap product lines, although some builds remain affected or are still in progress.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
SUSE Bugzilla entry documents CVE-2026-45898 remediation
On 2026-06-23, SUSE published Bugzilla entry 1266888 describing CVE-2026-45898, its root cause in RDMA/iwcm workqueue handling, and the upstream fix. The entry also linked the issue to multiple stable kernel commits and SUSE security updates.
SUSE publishes CVE-2026-45898 advisories and fixed package versions
On 2026-06-15, SUSE published its CVE page for CVE-2026-45898, rating the issue important and listing advisories and fixed package versions across SLES, SL Micro, openSUSE Leap 16.0, and related enterprise products. The page also noted that some products remained affected or in progress.
Kernel fix removes redundant work_list for CVE-2026-45898
The Linux kernel vulnerability was fixed by removing the redundant work_list in RDMA/iwcm because the kernel workqueue subsystem already provides the necessary tracking. Multiple stable kernel commits and vendor advisories referenced this fix.
Linux kernel flaw introduced in RDMA/iwcm by commit e1168f0
A flaw in the Linux kernel RDMA/iwcm subsystem was introduced by commit e1168f0, which allowed reused work items from a free list to be queued multiple times and corrupt internal workqueue lists. The references identify this commit as the origin of CVE-2026-45898, but do not provide a specific date for when it occurred.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
SUSE fixes Linux kernel RDMA/siw out-of-bounds flaw tracked as CVE-2022-50736
SUSE has released fixes for **CVE-2022-50736**, an **Important** Linux kernel vulnerability in the `RDMA/siw` subsystem that can trigger out-of-bounds array access during work completion generation. The flaw occurs when a queue pair enters the `ERROR` state and an undefined opcode is processed while immediately flushing work requests to the completion queue; SUSE said the bug was observed in a KASAN global-out-of-bounds report during NFSoRDMA testing. SUSE assigned the issue a **CVSS v3 7.8** and **CVSS v4 8.5** severity rating. The patch corrects send queue element opcode handling and also blocks a malicious-user scenario in which undefined completion queue element status or opcode values could be written when the completion queue is memory-mapped to user space. SUSE marked the issue as resolved through multiple kernel security advisories covering affected **SUSE Linux Enterprise**, **openSUSE**, **SLE Micro**, **HPC**, **SAP**, **Manager**, **Liberty Linux**, and Rancher-related product variants, including releases in the 15.3, 15.4, and 15.5 lines, while noting that many newer products and some service packs are not affected.
Jun 27, 2026
Linux Kernel RDMA Refcount Leak Fixed in SUSE Enterprise and openSUSE
SUSE disclosed and patched **CVE-2025-71157**, a Linux kernel flaw in the `RDMA/core` subsystem caused by improper reference count handling in `ib_del_sub_device_and_put()`. The bug occurs after `nldev_deldev()` acquires a device reference through `ib_device_get_by_index()` and then returns `-EOPNOTSUPP` without releasing that reference, creating a refcount leak that can affect system availability. SUSE rates the issue **moderate severity**, while published scoring indicates the vulnerability is exploitable with **local access**, **low privileges**, and **no user interaction**. The flaw was introduced in Linux kernel **6.11** and affects `drivers/infiniband/core/device.c`; upstream fixes were released in **6.12.64**, **6.18.4**, and **6.19-rc4**. SUSE said the issue has been resolved across multiple **SLES**, **SLE Micro**, **SAP**, **HPC**, **Real Time**, and **openSUSE Leap 16.0** product lines through a series of 2026 advisories, while some older or unsupported releases are not affected or no longer supported. The Linux kernel CVE team assigned the identifier and advised users to update to the latest stable kernel rather than cherry-picking individual commits.
Feb 11, 2026
SUSE fixes Linux kernel deadlock and race flaws in SR-IOV and RDMA subsystems
SUSE published fixes for two **moderate-severity** Linux kernel vulnerabilities that can be exploited locally to disrupt system availability. `CVE-2025-40219` affects the PCI/SR-IOV subsystem, where a race between enabling or disabling virtual functions and PCI hotplug activity can trigger double removal, list corruption, or deadlock conditions; SUSE and its Bugzilla record note the issue was observed on `s390` systems during platform hot-unplug events racing with `sriov_disable()`. SUSE assigned the flaw CVSS 3.1 **6.6** and CVSS 4.0 **6.9**, and said fixes were released across multiple SUSE Linux Enterprise, SUSE Linux Micro, and openSUSE Leap branches, although some older or lifecycle-limited products remain affected or unsupported. SUSE also addressed `CVE-2026-31565`, a Linux kernel flaw in the RDMA `irdma` subsystem that can deadlock during network device reset when active RDMA connections exist, especially in **iWARP** mode. The bug stems from a circular dependency during auxiliary driver removal in which `uverbs_client` waits for a queue-pair reference count to reach zero while `cma_client` holds the final reference; the fix avoids waiting for that reference count during device reset. SUSE rated the issue CVSS 3.1 **5.5** and CVSS 4.0 **6.8**, and said updated kernel packages were issued for numerous SLE, SLE Micro, SUSE Linux Micro, and openSUSE-related products, with remediation status varying by version and support lifecycle.
Jun 27, 2026