CVE-2026-46112
Race Condition in Linux Kernel RDMA/hns Driver
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux_kernel | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's RDMA/hns component. Specifically, the function hns_roce_qp_remove() requires the caller to hold certain locks to operate safely. However, in the error handling flow of the function hns_roce_create_qp_common(), these locks were not held during an error unwind, which could lead to memory corruption.
The fix involved ensuring that the same locks used by other callers of hns_roce_qp_remove() are also acquired in this error path to prevent unsafe memory operations.
How can this vulnerability impact me? :
This vulnerability can lead to memory corruption within the Linux kernel's RDMA/hns subsystem. Memory corruption can cause system instability, crashes, or potentially allow an attacker to execute arbitrary code or escalate privileges if exploited.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability in the Linux kernel related to RDMA/hns and the unlocked call to hns_roce_qp_remove() has been resolved by ensuring the proper locks are held during error handling.
To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes this fix.