In the Linux kernel, the following vulnerability has been resolved:
RDMA/mana: Fix manadestroywqobj() cleanup in manaibcreateqp_rss()
Sashiko points out there are two bugs here in the error unwind flow, both related to how the WQ table is unwound.
First there is a double i-- on the first failure path due to the while loop having a i--, remove it.
Second if manaibinstallcqcb() fails then manacreatewq_obj() is not undone due to the above i--.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46126.json",
"cna_assigner": "Linux"
}