CVE-2026-53355
Gravedad:
Pendiente de análisis
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
01/07/2026
Última modificación:
01/07/2026
Descripción
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
net: rds: clear i_sends on setup unwind<br />
<br />
The RDS IB connection teardown path is written so it can run during<br />
partial startup and on repeated shutdown attempts. It uses NULL<br />
pointers to distinguish resources that are still owned from resources<br />
that have already been released.<br />
<br />
When rds_ib_setup_qp() fails after allocating i_sends but before<br />
allocating i_recvs, the sends_out path frees i_sends without clearing<br />
the pointer. A later shutdown pass can still treat that stale pointer<br />
as a live send ring allocation.<br />
<br />
Clear i_sends after vfree() in the error unwind path so the existing<br />
shutdown logic continues to use the correct ownership state.
Impacto
Referencias a soluciones, herramientas e información
- https://git.kernel.org/stable/c/1d4ec754ee3871f7e3670c67bb0298c9c5760926
- https://git.kernel.org/stable/c/20cf0fb715c41111469577e85e35d15f099473e0
- https://git.kernel.org/stable/c/27040bbca289a704eafcacca167d310c6ce2b1bc
- https://git.kernel.org/stable/c/29d940026dce39e3018dab6f67c9427249321270
- https://git.kernel.org/stable/c/2c5e5e4a5970c41f16e3ad801a78719ed5d5c71b
- https://git.kernel.org/stable/c/66cccec111421a10efdc2c74499d15b93e7acae5
- https://git.kernel.org/stable/c/e7cf30aa5f1fc6c2a86df65df8b731df20e44d79
- https://git.kernel.org/stable/c/f16ad421a4e3e7db2d14bdf3b16f583bc4f3b30a



