GHSA-4rj2-pr7f-cmpgHighCVSS 8.8

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Validate the...

Published
June 25, 2026
Last Modified
June 28, 2026

🔗 CVE IDs covered (1)

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

RDMA/core: Validate the passed in fops for ib_get_ucaps()

Sashiko pointed out it is not safe to rely only on the devt because char/block alias so if the user finds a block device with the same dev_t it can masquerade as a ucap cdev fd.

Test the f_ops to only accept authentic cdevs.

🔗 References (5)