SB2026070227 - Use-after-free in Linux kernel rds
Published: July 2, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Use-after-free (CVE-ID: CVE-2026-53355)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a use-after-free in the rds ib connection teardown path when unwinding a failed queue pair setup. A local user can trigger a setup failure after allocating the send ring to cause a denial of service.
The issue occurs when rds_ib_setup_qp() fails after allocating i_sends but before allocating i_recvs, leaving a stale pointer that may be treated as a live allocation during a later shutdown pass.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1d4ec754ee3871f7e3670c67bb0298c9c5760926
- https://git.kernel.org/stable/c/20cf0fb715c41111469577e85e35d15f099473e0
- https://git.kernel.org/stable/c/27040bbca289a704eafcacca167d310c6ce2b1bc
- https://git.kernel.org/stable/c/29d940026dce39e3018dab6f67c9427249321270
- https://git.kernel.org/stable/c/2c5e5e4a5970c41f16e3ad801a78719ed5d5c71b
- https://git.kernel.org/stable/c/66cccec111421a10efdc2c74499d15b93e7acae5
- https://git.kernel.org/stable/c/e7cf30aa5f1fc6c2a86df65df8b731df20e44d79
- https://git.kernel.org/stable/c/f16ad421a4e3e7db2d14bdf3b16f583bc4f3b30a