{"api_version":"1","generated_at":"2026-07-03T03:15:35+00:00","cve":"CVE-2026-53355","urls":{"html":"https://cve.report/CVE-2026-53355","api":"https://cve.report/api/cve/CVE-2026-53355.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-53355","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-53355"},"summary":{"title":"net: rds: clear i_sends on setup unwind","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rds: clear i_sends on setup unwind\n\nThe RDS IB connection teardown path is written so it can run during\npartial startup and on repeated shutdown attempts. It uses NULL\npointers to distinguish resources that are still owned from resources\nthat have already been released.\n\nWhen rds_ib_setup_qp() fails after allocating i_sends but before\nallocating i_recvs, the sends_out path frees i_sends without clearing\nthe pointer. A later shutdown pass can still treat that stale pointer\nas a live send ring allocation.\n\nClear i_sends after vfree() in the error unwind path so the existing\nshutdown logic continues to use the correct ownership state.","state":"PUBLISHED","assigner":"Linux","published_at":"2026-07-01 14:16:43","updated_at":"2026-07-01 14:16:43"},"problem_types":[],"metrics":[],"references":[{"url":"https://git.kernel.org/stable/c/1d4ec754ee3871f7e3670c67bb0298c9c5760926","name":"https://git.kernel.org/stable/c/1d4ec754ee3871f7e3670c67bb0298c9c5760926","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/27040bbca289a704eafcacca167d310c6ce2b1bc","name":"https://git.kernel.org/stable/c/27040bbca289a704eafcacca167d310c6ce2b1bc","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/20cf0fb715c41111469577e85e35d15f099473e0","name":"https://git.kernel.org/stable/c/20cf0fb715c41111469577e85e35d15f099473e0","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/f16ad421a4e3e7db2d14bdf3b16f583bc4f3b30a","name":"https://git.kernel.org/stable/c/f16ad421a4e3e7db2d14bdf3b16f583bc4f3b30a","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/66cccec111421a10efdc2c74499d15b93e7acae5","name":"https://git.kernel.org/stable/c/66cccec111421a10efdc2c74499d15b93e7acae5","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/29d940026dce39e3018dab6f67c9427249321270","name":"https://git.kernel.org/stable/c/29d940026dce39e3018dab6f67c9427249321270","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/2c5e5e4a5970c41f16e3ad801a78719ed5d5c71b","name":"https://git.kernel.org/stable/c/2c5e5e4a5970c41f16e3ad801a78719ed5d5c71b","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/e7cf30aa5f1fc6c2a86df65df8b731df20e44d79","name":"https://git.kernel.org/stable/c/e7cf30aa5f1fc6c2a86df65df8b731df20e44d79","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-53355","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-53355","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 3b12f73a5c2977153f28a224392fd4729b50d1dc 66cccec111421a10efdc2c74499d15b93e7acae5 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 3b12f73a5c2977153f28a224392fd4729b50d1dc 2c5e5e4a5970c41f16e3ad801a78719ed5d5c71b git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 3b12f73a5c2977153f28a224392fd4729b50d1dc 29d940026dce39e3018dab6f67c9427249321270 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 3b12f73a5c2977153f28a224392fd4729b50d1dc e7cf30aa5f1fc6c2a86df65df8b731df20e44d79 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 3b12f73a5c2977153f28a224392fd4729b50d1dc f16ad421a4e3e7db2d14bdf3b16f583bc4f3b30a git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 3b12f73a5c2977153f28a224392fd4729b50d1dc 1d4ec754ee3871f7e3670c67bb0298c9c5760926 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 3b12f73a5c2977153f28a224392fd4729b50d1dc 27040bbca289a704eafcacca167d310c6ce2b1bc git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 3b12f73a5c2977153f28a224392fd4729b50d1dc 20cf0fb715c41111469577e85e35d15f099473e0 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 75a12b2fa80c2e4cc40a9f9305f95899850b7426 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected c9459693fae9a1bf3f51f3db98617f694112e897 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 13099ee9c7d54b0a25f6c8397675aed99e9cfa45 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 5c6712ab4efb6cf60e16719ab6bcaface9cc268c git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 3.18.74 3.19 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4.1.46 4.2 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4.4.91 4.5 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4.9.54 4.10 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4.11","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 4.11 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.10.259 5.10.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.15.210 5.15.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.176 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.143 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12.94 6.12.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18.36 6.18.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0.13 7.0.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.1 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"53355","cve":"CVE-2026-53355","epss":"0.001640000","percentile":"0.059860000","score_date":"2026-07-02","updated_at":"2026-07-03 00:06:12"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["net/rds/ib_cm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"66cccec111421a10efdc2c74499d15b93e7acae5","status":"affected","version":"3b12f73a5c2977153f28a224392fd4729b50d1dc","versionType":"git"},{"lessThan":"2c5e5e4a5970c41f16e3ad801a78719ed5d5c71b","status":"affected","version":"3b12f73a5c2977153f28a224392fd4729b50d1dc","versionType":"git"},{"lessThan":"29d940026dce39e3018dab6f67c9427249321270","status":"affected","version":"3b12f73a5c2977153f28a224392fd4729b50d1dc","versionType":"git"},{"lessThan":"e7cf30aa5f1fc6c2a86df65df8b731df20e44d79","status":"affected","version":"3b12f73a5c2977153f28a224392fd4729b50d1dc","versionType":"git"},{"lessThan":"f16ad421a4e3e7db2d14bdf3b16f583bc4f3b30a","status":"affected","version":"3b12f73a5c2977153f28a224392fd4729b50d1dc","versionType":"git"},{"lessThan":"1d4ec754ee3871f7e3670c67bb0298c9c5760926","status":"affected","version":"3b12f73a5c2977153f28a224392fd4729b50d1dc","versionType":"git"},{"lessThan":"27040bbca289a704eafcacca167d310c6ce2b1bc","status":"affected","version":"3b12f73a5c2977153f28a224392fd4729b50d1dc","versionType":"git"},{"lessThan":"20cf0fb715c41111469577e85e35d15f099473e0","status":"affected","version":"3b12f73a5c2977153f28a224392fd4729b50d1dc","versionType":"git"},{"status":"affected","version":"75a12b2fa80c2e4cc40a9f9305f95899850b7426","versionType":"git"},{"status":"affected","version":"c9459693fae9a1bf3f51f3db98617f694112e897","versionType":"git"},{"status":"affected","version":"13099ee9c7d54b0a25f6c8397675aed99e9cfa45","versionType":"git"},{"status":"affected","version":"5c6712ab4efb6cf60e16719ab6bcaface9cc268c","versionType":"git"},{"lessThan":"3.19","status":"affected","version":"3.18.74","versionType":"semver"},{"lessThan":"4.2","status":"affected","version":"4.1.46","versionType":"semver"},{"lessThan":"4.5","status":"affected","version":"4.4.91","versionType":"semver"},{"lessThan":"4.10","status":"affected","version":"4.9.54","versionType":"semver"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["net/rds/ib_cm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"4.11"},{"lessThan":"4.11","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"5.10.*","status":"unaffected","version":"5.10.259","versionType":"semver"},{"lessThanOrEqual":"5.15.*","status":"unaffected","version":"5.15.210","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.176","versionType":"semver"},{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.143","versionType":"semver"},{"lessThanOrEqual":"6.12.*","status":"unaffected","version":"6.12.94","versionType":"semver"},{"lessThanOrEqual":"6.18.*","status":"unaffected","version":"6.18.36","versionType":"semver"},{"lessThanOrEqual":"7.0.*","status":"unaffected","version":"7.0.13","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.1","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.259","versionStartIncluding":"4.11","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.15.210","versionStartIncluding":"4.11","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.176","versionStartIncluding":"4.11","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.143","versionStartIncluding":"4.11","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.94","versionStartIncluding":"4.11","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18.36","versionStartIncluding":"4.11","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0.13","versionStartIncluding":"4.11","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.1","versionStartIncluding":"4.11","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18.74","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1.46","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.91","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.54","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rds: clear i_sends on setup unwind\n\nThe RDS IB connection teardown path is written so it can run during\npartial startup and on repeated shutdown attempts. It uses NULL\npointers to distinguish resources that are still owned from resources\nthat have already been released.\n\nWhen rds_ib_setup_qp() fails after allocating i_sends but before\nallocating i_recvs, the sends_out path frees i_sends without clearing\nthe pointer. A later shutdown pass can still treat that stale pointer\nas a live send ring allocation.\n\nClear i_sends after vfree() in the error unwind path so the existing\nshutdown logic continues to use the correct ownership state."}],"providerMetadata":{"dateUpdated":"2026-07-01T13:32:30.831Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/66cccec111421a10efdc2c74499d15b93e7acae5"},{"url":"https://git.kernel.org/stable/c/2c5e5e4a5970c41f16e3ad801a78719ed5d5c71b"},{"url":"https://git.kernel.org/stable/c/29d940026dce39e3018dab6f67c9427249321270"},{"url":"https://git.kernel.org/stable/c/e7cf30aa5f1fc6c2a86df65df8b731df20e44d79"},{"url":"https://git.kernel.org/stable/c/f16ad421a4e3e7db2d14bdf3b16f583bc4f3b30a"},{"url":"https://git.kernel.org/stable/c/1d4ec754ee3871f7e3670c67bb0298c9c5760926"},{"url":"https://git.kernel.org/stable/c/27040bbca289a704eafcacca167d310c6ce2b1bc"},{"url":"https://git.kernel.org/stable/c/20cf0fb715c41111469577e85e35d15f099473e0"}],"title":"net: rds: clear i_sends on setup unwind","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-53355","datePublished":"2026-07-01T13:32:30.831Z","dateReserved":"2026-06-09T07:44:35.400Z","dateUpdated":"2026-07-01T13:32:30.831Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-01 14:16:43","lastModifiedDate":"2026-07-01 14:16:43","problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"53355","Ordinal":"1","Title":"net: rds: clear i_sends on setup unwind","CVE":"CVE-2026-53355","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"53355","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rds: clear i_sends on setup unwind\n\nThe RDS IB connection teardown path is written so it can run during\npartial startup and on repeated shutdown attempts. It uses NULL\npointers to distinguish resources that are still owned from resources\nthat have already been released.\n\nWhen rds_ib_setup_qp() fails after allocating i_sends but before\nallocating i_recvs, the sends_out path frees i_sends without clearing\nthe pointer. A later shutdown pass can still treat that stale pointer\nas a live send ring allocation.\n\nClear i_sends after vfree() in the error unwind path so the existing\nshutdown logic continues to use the correct ownership state.","Type":"Description","Title":"net: rds: clear i_sends on setup unwind"}]}}}