In the Linux kernel, the following vulnerability has been resolved:
RDMA/hns: Fix unlocked call to hnsroceqp_remove()
Sashiko points out that hnsroceqpremove() requires the caller to hold locks. The error flow in hnsrocecreateqp_common() doesn't hold those locks for the error unwind so it risks corrupting memory.
Grab the same locks the other two callers use.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46112.json",
"cna_assigner": "Linux"
}