Description
In the Linux kernel, the following vulnerability has been resolved:

RDMA/hns: Fix unlocked call to hns_roce_qp_remove()

Sashiko points out that hns_roce_qp_remove() requires the caller to hold
locks. The error flow in hns_roce_create_qp_common() doesn't hold those
locks for the error unwind so it risks corrupting memory.

Grab the same locks the other two callers use.
Published: 2026-05-28
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel’s RDMA/hns driver contains a flaw where the function hns_roce_qp_remove requires callers to hold specific locks, but the error unwind path in hns_roce_create_qp_common does not acquire those locks. This omission can corrupt kernel memory, potentially allowing a local attacker to execute arbitrary code with kernel privileges or destabilize the system.

Affected Systems

The flaw affects all Linux kernel releases that contain the RDMA/hns driver, as no specific version range is listed. Users should verify whether the driver is active on their system and apply the latest kernel update that incorporates the referenced patch commits.

Risk and Exploitability

Based on the description, the vulnerability involves kernel memory corruption; a local attacker who can trigger the hns_roce_create_qp_common error path is inferred to be able to gain elevated privileges or crash the system. The EPSS score of < 1% indicates a low likelihood of exploitation, and the flaw is not listed in the CISA KEV catalog. While no remote exploit is documented, the local nature of the attack warrants prompt attention.

Generated by OpenCVE AI on May 29, 2026 at 05:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a revision that includes the fix for hns_roce_qp_remove (see the commit series in the provided references).
  • If the RDMA/hns driver is not required on a host, disable or uninstall the driver to eliminate the risk surface.
  • Maintain an up‑to‑date patch management process to ensure all kernel updates are applied promptly and monitor kernel logs for anomalous RDMA activity.

Generated by OpenCVE AI on May 29, 2026 at 05:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 04:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362
CWE-416

Fri, 29 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-413
References

Thu, 28 May 2026 13:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362
CWE-416

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix unlocked call to hns_roce_qp_remove() Sashiko points out that hns_roce_qp_remove() requires the caller to hold locks. The error flow in hns_roce_create_qp_common() doesn't hold those locks for the error unwind so it risks corrupting memory. Grab the same locks the other two callers use.
Title RDMA/hns: Fix unlocked call to hns_roce_qp_remove()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-28T09:35:20.879Z

Reserved: 2026-05-13T15:03:33.098Z

Link: CVE-2026-46112

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-28T10:16:26.660

Modified: 2026-05-28T13:44:01.663

Link: CVE-2026-46112

cve-icon Redhat

Severity :

Publid Date: 2026-05-28T00:00:00Z

Links: CVE-2026-46112 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T05:30:36Z

Weaknesses