Back to overview

CVE-2026-53355

Description
In the Linux kernel, the following vulnerability has been resolved: net: rds: clear i_sends on setup unwind The RDS IB connection teardown path is written so it can run during partial startup and on repeated shutdown attempts. It uses NULL pointers to distinguish resources that are still owned from resources that have already been released. When rds_ib_setup_qp() fails after allocating i_sends but before allocating i_recvs, the sends_out path frees i_sends without clearing the pointer. A later shutdown pass can still treat that stale pointer as a live send ring allocation. Clear i_sends after vfree() in the error unwind path so the existing shutdown logic continues to use the correct ownership state.

Metadata

CVE ID
CVE-2026-53355
State
PUBLISHED
Assigner
Linux
Reserved
2026-06-09 07:44 UTC
Published
2026-07-01 13:32 UTC
Last updated
2026-07-01 13:32 UTC
Vendor / Product
Linux / Linux
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (2)
VendorProductPlatformVersions
Linux Linux 3b12f73a5c2977153f28a224392fd4729b50d1dc < 66cccec111421a10efdc2c74499d15b93e7acae5, 3b12f73a5c2977153f28a224392fd4729b50d1dc < 2c5e5e4a5970c41f16e3ad801a78719ed5d5c71b, 3b12f73a5c2977153f28a224392fd4729b50d1dc < 29d940026dce39e3018dab6f67c9427249321270, 3b12f73a5c2977153f28a224392fd4729b50d1dc < e7cf30aa5f1fc6c2a86df65df8b731df20e44d79 …
Linux Linux 4.11, 0 < 4.11, 5.10.259 ≤ 5.10.*, 5.15.210 ≤ 5.15.* …
Back to overview