CVE-2026-46112
HIGH
Published May 28, 2026
Modified Jun 1, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix unlocked call to hns_roce_qp_remove() Sashiko points out that hns_roce_qp_remove() requires the caller to hold locks. The error flow in hns_roce_create_qp_common() doesn't hold those locks for the error unwind so it risks corrupting memory. Grab the same locks the other two callers use.
CVSS v3.1 Score
7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS — Exploit Prediction
0.0013
Probability of exploitation
0.03%
Percentile rank
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
References
Other References
https://git.kernel.org/stable/c/0c99acbc8b6c6dd526ae475a48ee1897b61072fb
https://git.kernel.org/stable/c/1912f78798505dc9c637081bbddfbf1c22494c49
https://git.kernel.org/stable/c/1f0a3aa8b569d010316b427238222c5d899f9618
https://git.kernel.org/stable/c/615d9d260c32bb678504ca96f29ae46f9d745155
https://git.kernel.org/stable/c/b6296ff2475fc95ee6ea1b528c4b385302808186
https://git.kernel.org/stable/c/fb4ae739811d467409bd07d0e36cfd4140f3d26a
https://git.kernel.org/stable/c/fcf6a832c0d5b2bc5398d6996c5570d3ee7993fb
Frequently Asked Questions
What is CVE-2026-46112? +
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hns: Fix unlocked call to hns_roce_qp_remove()
Sashiko points out that hns_roce_qp_remove() requires the caller to hold
locks. The error flow in hns_roce_create_qp_common() doesn't hold those
locks for the error unwind so it risks corrupting memory.
Grab the same locks the other two callers use. It has a CVSS v3.1 base score of 7.8 (HIGH).
How severe is CVE-2026-46112? +
CVE-2026-46112 has a CVSS v3.1 score of 7.8 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching. The EPSS score is 0.0013, placing it in the 0th percentile for exploitation probability.
How do I check if I'm vulnerable to CVE-2026-46112? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.