🟠 High | Source: Microsoft Security Response Center
CVE-2026-52908 is a vulnerability in the Linux kernel’s RDMA (Remote Direct Memory Access) subsystem, specifically in the memory region re-registration process where access flags are not properly validated. This can allow incompatible access permissions to be set during a re-registration operation, potentially leading to unauthorised memory access or privilege escalation in environments using RDMA-capable hardware. Azure workloads leveraging high-performance networking or HPC (High Performance Computing) configurations may be exposed if the underlying host kernel is affected.
Security Architect’s Take: Review whether your Azure HPC or RDMA-enabled VM SKUs (such as H-series or N-series) are running workloads that rely on the RDMA subsystem, and ensure host patching cycles are current; engage Microsoft’s patch guidance to confirm whether guest-level or platform-level remediation is required.
Original advisory: CVE-2026-52908 RDMA: During rereg_mr ensure that REREG_ACCESS is compatible