CVE-2026-45910

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition exists between the retransmit timer() and rxe destroy qp() functions in the RDMA/rxe component. This occurs when the Queue Pair (QP) reference count drops to zero while a timer handler is executing, potentially leading to a refcount underflow and use-after-free scenario. The issue is triggered when rxe put() decreases the reference count to zero during the execution of retransmit timer(), before the QP validity is checked in rxe sched task().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.