Description
In the Linux kernel, the following vulnerability has been resolved:

RDMA/hns: Fix WQ_MEM_RECLAIM warning

When sunrpc is used, if a reset triggered, our wq may lead the
following trace:

workqueue: WQ_MEM_RECLAIM xprtiod:xprt_rdma_connect_worker [rpcrdma]
is flushing !WQ_MEM_RECLAIM hns_roce_irq_workq:flush_work_handle
[hns_roce_hw_v2]
WARNING: CPU: 0 PID: 8250 at kernel/workqueue.c:2644 check_flush_dependency+0xe0/0x144
Call trace:
check_flush_dependency+0xe0/0x144
start_flush_work.constprop.0+0x1d0/0x2f0
__flush_work.isra.0+0x40/0xb0
flush_work+0x14/0x30
hns_roce_v2_destroy_qp+0xac/0x1e0 [hns_roce_hw_v2]
ib_destroy_qp_user+0x9c/0x2b4
rdma_destroy_qp+0x34/0xb0
rpcrdma_ep_destroy+0x28/0xcc [rpcrdma]
rpcrdma_ep_put+0x74/0xb4 [rpcrdma]
rpcrdma_xprt_disconnect+0x1d8/0x260 [rpcrdma]
xprt_rdma_connect_worker+0xc0/0x120 [rpcrdma]
process_one_work+0x1cc/0x4d0
worker_thread+0x154/0x414
kthread+0x104/0x144
ret_from_fork+0x10/0x18

Since QP destruction frees memory, this wq should have the WQ_MEM_RECLAIM.
Published: 2026-06-03
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The bug in the RDMA/hns driver causes the workqueue to emit a WQ_MEM_RECLAIM warning when the kernel attempts to flush a queue that was not marked for memory reclamation. This represents a flaw in resource management (CWE-821), leading to improper memory handling but not providing an execution path for an attacker. The warning is purely diagnostic and mainly indicates potential system instability.

Affected Systems

Any Linux system running a kernel that includes the RDMA/hns code module before the patch is potentially affected. All kernel releases containing the hns_roce module and using sunrpc are relevant, as they can trigger the faulty queue flush.

Risk and Exploitability

EPSS < 1% and the vulnerability is not listed in KEV. The CVSS score of 7.5 reflects a moderate‑to‑high severity tied to potential instability rather than a direct compromise. Because the flaw does not expose secrets or allow code execution, the overall risk remains low to moderate. The likely attack vector is a local process with the ability to trigger a sunrpc reset, so remote exploitation is not feasible.

Generated by OpenCVE AI on June 9, 2026 at 23:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel update that includes the fix for the missing WQ_MEM_RECLAIM flag (CVE-2026-46265).
  • Ensure the hns_roce module is reloaded or the system is rebooted so the new workqueue logic takes effect.
  • If RDMA usage is optional, disable the hns_roce module to eliminate the exposed code path until the patch is applied.

Generated by OpenCVE AI on June 9, 2026 at 23:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo

Fri, 05 Jun 2026 06:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Thu, 04 Jun 2026 02:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665

Thu, 04 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-821
References

Wed, 03 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665

Wed, 03 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix WQ_MEM_RECLAIM warning When sunrpc is used, if a reset triggered, our wq may lead the following trace: workqueue: WQ_MEM_RECLAIM xprtiod:xprt_rdma_connect_worker [rpcrdma] is flushing !WQ_MEM_RECLAIM hns_roce_irq_workq:flush_work_handle [hns_roce_hw_v2] WARNING: CPU: 0 PID: 8250 at kernel/workqueue.c:2644 check_flush_dependency+0xe0/0x144 Call trace: check_flush_dependency+0xe0/0x144 start_flush_work.constprop.0+0x1d0/0x2f0 __flush_work.isra.0+0x40/0xb0 flush_work+0x14/0x30 hns_roce_v2_destroy_qp+0xac/0x1e0 [hns_roce_hw_v2] ib_destroy_qp_user+0x9c/0x2b4 rdma_destroy_qp+0x34/0xb0 rpcrdma_ep_destroy+0x28/0xcc [rpcrdma] rpcrdma_ep_put+0x74/0xb4 [rpcrdma] rpcrdma_xprt_disconnect+0x1d8/0x260 [rpcrdma] xprt_rdma_connect_worker+0xc0/0x120 [rpcrdma] process_one_work+0x1cc/0x4d0 worker_thread+0x154/0x414 kthread+0x104/0x144 ret_from_fork+0x10/0x18 Since QP destruction frees memory, this wq should have the WQ_MEM_RECLAIM.
Title RDMA/hns: Fix WQ_MEM_RECLAIM warning
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-05T06:06:37.771Z

Reserved: 2026-05-13T15:03:33.108Z

Link: CVE-2026-46265

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-06-03T18:16:28.013

Modified: 2026-06-09T19:46:48.330

Link: CVE-2026-46265

cve-icon Redhat

Severity :

Publid Date: 2026-06-03T00:00:00Z

Links: CVE-2026-46265 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T23:45:15Z

Weaknesses