High

Elevation of Privilege in Linux MANA Driver for Microsoft Azure Network Adapter

IdentifiersCVE-2026-45476CWE-416· Use After Free

CVE-2026-45476 is a use-after-free vulnerability in the Linux MANA Driver associated with the Microsoft Azure Network Adapter. The flaw arises from improper handling of memory after it has been freed, creating a condition in which stale references can be accessed. According to the provided advisory context, an attacker with local authorization and control of the host environment can trigger the memory mishandling flaw in the guest driver. This can expose sensitive information from the guest and may be leveraged to obtain elevated privileges within the guest system.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can allow an authorized local attacker to read sensitive information from the guest and potentially elevate privileges within the guest operating system. The issue therefore has both confidentiality impact, through guest memory disclosure, and privilege-escalation impact, through abuse of the corrupted driver state to gain higher privileges locally in the guest.

Mitigation

If you can’t patch tonight, do this now.

Update affected Linux systems to a kernel version containing the upstream fix as soon as vendor packages are available. For environments running custom kernels or older maintained branches, backport the upstream patch. Until patched, reduce exposure by limiting who can obtain local authorized access and by restricting scenarios in which an attacker can control the host environment for affected Azure guest systems. Monitor Linux distribution and vendor security advisories for fixed kernel packages and deploy them promptly.

Remediation

Patch, then assume compromise.

Upgrade to a Linux kernel release that includes the upstream fix for the Linux MANA Driver vulnerability. Where an updated vendor kernel is not yet available, apply or backport the upstream patch identified as commit 3985c9a56da4 to the affected kernel branch, following normal validation and change-management procedures.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

LinuxLinux Kerneloperating_system

LinuxMana Driveroperating_system

Microsoft CorporationLinux Kernel Mana Network Driverapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

2 SOURCESView more in app

cyberthroneNews

Jun 10, 2026

Microsoft Patch Tuesday - June 2026 - TheCyberThrone

A use-after-free vulnerability in the Linux MANA Driver that can expose guest memory and potentially enable privilege escalation within the guest.

malware newsNews

Jun 9, 2026

Microsoft Patch Tuesday for June 2026 - Snort rules and prominent vulnerabilities - Malware News - Malware Analysis, News and Indicators

A critical elevation of privilege vulnerability in Microsoft Azure Network Adapter / Linux MANA Driver caused by a use-after-free flaw.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2026-45476

NVD

nvd.nist.gov/vuln/detail/CVE-2026-45476

MITRE CWE · CWE-416

Use After Free

msrc.microsoft.com

msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45476