Skip to main content

Linux Kernel CVE-2026-46265

| EUVDEUVD-2026-34127 HIGH
2026-06-03 Linux GHSA-gc8j-p6w7-9593
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 05, 2026 - 07:29 vuln.today
CVSS changed
Jun 05, 2026 - 07:22 NVD
7.5 (HIGH)
Patch available
Jun 03, 2026 - 19:01 EUVD
CVE Published
Jun 03, 2026 - 15:50 nvd
UNKNOWN (no severity yet)
CVE Published
Jun 03, 2026 - 15:50 nvd
HIGH 7.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

RDMA/hns: Fix WQ_MEM_RECLAIM warning

When sunrpc is used, if a reset triggered, our wq may lead the following trace:

workqueue: WQ_MEM_RECLAIM xprtiod:xprt_rdma_connect_worker [rpcrdma] is flushing !WQ_MEM_RECLAIM hns_roce_irq_workq:flush_work_handle [hns_roce_hw_v2] WARNING: CPU: 0 PID: 8250 at kernel/workqueue.c:2644 check_flush_dependency+0xe0/0x144 Call trace: check_flush_dependency+0xe0/0x144 start_flush_work.constprop.0+0x1d0/0x2f0 __flush_work.isra.0+0x40/0xb0 flush_work+0x14/0x30 hns_roce_v2_destroy_qp+0xac/0x1e0 [hns_roce_hw_v2] ib_destroy_qp_user+0x9c/0x2b4 rdma_destroy_qp+0x34/0xb0 rpcrdma_ep_destroy+0x28/0xcc [rpcrdma] rpcrdma_ep_put+0x74/0xb4 [rpcrdma] rpcrdma_xprt_disconnect+0x1d8/0x260 [rpcrdma] xprt_rdma_connect_worker+0xc0/0x120 [rpcrdma] process_one_work+0x1cc/0x4d0 worker_thread+0x154/0x414 kthread+0x104/0x144 ret_from_fork+0x10/0x18

Since QP destruction frees memory, this wq should have the WQ_MEM_RECLAIM.

AnalysisAI

Denial-of-service condition in the Linux kernel's HNS RoCE (RDMA over Converged Ethernet) driver affects systems using HiSilicon RDMA hardware alongside SUNRPC/NFS-over-RDMA workloads. The hns_roce_irq_workq workqueue lacks the WQ_MEM_RECLAIM flag while being flushed during QP (Queue Pair) destruction from a memory-reclaim context, triggering a kernel warning and potential stall during RDMA transport reset. EPSS is very low (0.02%, 7th percentile) and no public exploit identified at time of analysis.

Technical ContextAI

The flaw resides in the hns_roce_hw_v2 driver, which provides RDMA support for HiSilicon HNS-series NICs (commonly Kunpeng/Hi1620-class server platforms). Linux workqueues marked WQ_MEM_RECLAIM are guaranteed forward progress under memory pressure; flushing a non-WQ_MEM_RECLAIM workqueue from one that is WQ_MEM_RECLAIM (here, xprtiod from the rpcrdma/SUNRPC stack) violates kernel locking/forward-progress invariants, raising the check_flush_dependency warning at kernel/workqueue.c:2644. The trigger path is rpcrdma_xprt_disconnect → rdma_destroy_qp → hns_roce_v2_destroy_qp → flush_work on the offending irq workq. The CPE data references generic linux:linux entries without precise version bounds, and CWE is not assigned by NVD, though the underlying class is improper workqueue dependency (related to CWE-667/CWE-833 locking/deadlock concerns).

RemediationAI

Vendor-released patch: upgrade to Linux 6.1.165, 6.6.128, 6.12.75, 6.18.14, 6.19.4, or 7.0 (or later) depending on the active stable series, picking up the hns_roce fix commits at https://git.kernel.org/stable/c/0cbec8b49270f3f0600b8e3ef5e8f0d233dcea27 and the related backports. Distribution kernels should be updated once vendors (RHEL, SLES, Ubuntu, openEuler) publish rebuilds containing these stable commits. As a workaround for unpatched systems, disable or avoid NFS-over-RDMA (mount NFS via TCP instead) on hosts equipped with HiSilicon HNS RoCE hardware, which removes the rpcrdma → hns_roce_v2_destroy_qp code path at the cost of losing RDMA acceleration; alternatively, unload the hns_roce_hw_v2 module if RDMA is not required, accepting loss of RDMA functionality on that NIC.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected

Share

CVE-2026-46265 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy