CVE-2026-46265
Received Received - Intake
Memory Leak in Linux Kernel RDMA/hns

Publication date: 2026-06-03

Last updated on: 2026-06-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix WQ_MEM_RECLAIM warning When sunrpc is used, if a reset triggered, our wq may lead the following trace: workqueue: WQ_MEM_RECLAIM xprtiod:xprt_rdma_connect_worker [rpcrdma] is flushing !WQ_MEM_RECLAIM hns_roce_irq_workq:flush_work_handle [hns_roce_hw_v2] WARNING: CPU: 0 PID: 8250 at kernel/workqueue.c:2644 check_flush_dependency+0xe0/0x144 Call trace: check_flush_dependency+0xe0/0x144 start_flush_work.constprop.0+0x1d0/0x2f0 __flush_work.isra.0+0x40/0xb0 flush_work+0x14/0x30 hns_roce_v2_destroy_qp+0xac/0x1e0 [hns_roce_hw_v2] ib_destroy_qp_user+0x9c/0x2b4 rdma_destroy_qp+0x34/0xb0 rpcrdma_ep_destroy+0x28/0xcc [rpcrdma] rpcrdma_ep_put+0x74/0xb4 [rpcrdma] rpcrdma_xprt_disconnect+0x1d8/0x260 [rpcrdma] xprt_rdma_connect_worker+0xc0/0x120 [rpcrdma] process_one_work+0x1cc/0x4d0 worker_thread+0x154/0x414 kthread+0x104/0x144 ret_from_fork+0x10/0x18 Since QP destruction frees memory, this wq should have the WQ_MEM_RECLAIM.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-03
Last Modified
2026-06-03
Generated
2026-06-04
AI Q&A
2026-06-03
EPSS Evaluated
N/A
NVD
CVE-2026-46265
EUVD
EUVD-2026-34127
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is related to the Linux kernel's RDMA (Remote Direct Memory Access) subsystem, specifically involving the hns (HiSilicon Network Subsystem) hardware driver. When the sunrpc (Sun Remote Procedure Call) is used and a reset is triggered, a workqueue (wq) may cause a warning related to WQ_MEM_RECLAIM, which is a mechanism to reclaim memory safely during workqueue operations.

The issue arises because the destruction of a Queue Pair (QP), which frees memory, requires the workqueue to have the WQ_MEM_RECLAIM flag set to avoid unsafe memory operations. Without this fix, the kernel logs warnings indicating improper flushing of workqueues, which could lead to instability or memory management issues.


How can this vulnerability impact me? :

This vulnerability can lead to kernel warnings and potentially unstable behavior in systems using the affected RDMA driver with sunrpc. Specifically, improper handling of memory reclamation during Queue Pair destruction could cause memory management issues, which might result in system instability or crashes under certain conditions.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability manifests as a warning in the Linux kernel logs related to workqueue memory reclaim issues when using RDMA and sunrpc. To detect it, you should monitor your system kernel logs for the specific warning message.

  • Check kernel logs for the warning: "WQ_MEM_RECLAIM xprtiod:xprt_rdma_connect_worker [rpcrdma] is flushing !WQ_MEM_RECLAIM hns_roce_irq_workq:flush_work_handle [hns_roce_hw_v2]"
  • Use the command: dmesg | grep WQ_MEM_RECLAIM
  • Alternatively, check system logs with: journalctl -k | grep WQ_MEM_RECLAIM

What immediate steps should I take to mitigate this vulnerability?

The vulnerability is fixed in the Linux kernel by ensuring the workqueue has the WQ_MEM_RECLAIM flag when destroying QPs (Queue Pairs) in RDMA. Immediate mitigation involves updating your Linux kernel to a version that includes this fix.

  • Update the Linux kernel to the latest version that contains the fix for this issue.
  • Monitor kernel logs for the warning to verify if the issue persists after the update.

Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart