CVE-2026-53355
net: rds: clear i_sends on setup unwind
Description
In the Linux kernel, the following vulnerability has been resolved: net: rds: clear i_sends on setup unwind The RDS IB connection teardown path is written so it can run during partial startup and on repeated shutdown attempts. It uses NULL pointers to distinguish resources that are still owned from resources that have already been released. When rds_ib_setup_qp() fails after allocating i_sends but before allocating i_recvs, the sends_out path frees i_sends without clearing the pointer. A later shutdown pass can still treat that stale pointer as a live send ring allocation. Clear i_sends after vfree() in the error unwind path so the existing shutdown logic continues to use the correct ownership state.
INFO
Published Date :
July 1, 2026, 1:32 p.m.
Last Modified :
July 1, 2026, 1:32 p.m.
Remotely Exploit :
No
Source :
Linux
Solution
- Apply the Linux kernel patch for net: rds: clear i_sends.
- Update the Linux kernel to the fixed version.
- Clear i_sends after vfree() in the error unwind path.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-53355 vulnerability anywhere in the article.