CVE-2026-53355

medium

Description

In the Linux kernel, the following vulnerability has been resolved: net: rds: clear i_sends on setup unwind The RDS IB connection teardown path is written so it can run during partial startup and on repeated shutdown attempts. It uses NULL pointers to distinguish resources that are still owned from resources that have already been released. When rds_ib_setup_qp() fails after allocating i_sends but before allocating i_recvs, the sends_out path frees i_sends without clearing the pointer. A later shutdown pass can still treat that stale pointer as a live send ring allocation. Clear i_sends after vfree() in the error unwind path so the existing shutdown logic continues to use the correct ownership state.

References

https://git.kernel.org/stable/c/f16ad421a4e3e7db2d14bdf3b16f583bc4f3b30a

https://git.kernel.org/stable/c/e7cf30aa5f1fc6c2a86df65df8b731df20e44d79

https://git.kernel.org/stable/c/66cccec111421a10efdc2c74499d15b93e7acae5

https://git.kernel.org/stable/c/2c5e5e4a5970c41f16e3ad801a78719ed5d5c71b

https://git.kernel.org/stable/c/29d940026dce39e3018dab6f67c9427249321270

https://git.kernel.org/stable/c/27040bbca289a704eafcacca167d310c6ce2b1bc

https://git.kernel.org/stable/c/20cf0fb715c41111469577e85e35d15f099473e0

https://git.kernel.org/stable/c/1d4ec754ee3871f7e3670c67bb0298c9c5760926

Details

Source: Mitre, NVD

Published: 2026-07-01

Updated: 2026-07-01

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium