{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-43226", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-01T14:12:55.994Z", "datePublished": "2026-05-06T11:28:24.952Z", "dateUpdated": "2026-05-06T11:28:24.952Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-06T11:28:24.952Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: No shortcut out of RDS_CONN_ERROR\n\nRDS connections carry a state \"rds_conn_path::cp_state\"\nand transitions from one state to another and are conditional\nupon an expected state: \"rds_conn_path_transition.\"\n\nThere is one exception to this conditionality, which is\n\"RDS_CONN_ERROR\" that can be enforced by \"rds_conn_path_drop\"\nregardless of what state the condition is currently in.\n\nBut as soon as a connection enters state \"RDS_CONN_ERROR\",\nthe connection handling code expects it to go through the\nshutdown-path.\n\nThe RDS/TCP multipath changes added a shortcut out of\n\"RDS_CONN_ERROR\" straight back to \"RDS_CONN_CONNECTING\"\nvia \"rds_tcp_accept_one_path\" (e.g. after \"rds_tcp_state_change\").\n\nA subsequent \"rds_tcp_reset_callbacks\" can then transition\nthe state to \"RDS_CONN_RESETTING\" with a shutdown-worker queued.\n\nThat'll trip up \"rds_conn_init_shutdown\", which was\nnever adjusted to handle \"RDS_CONN_RESETTING\" and subsequently\ndrops the connection with the dreaded \"DR_INV_CONN_STATE\",\nwhich leaves \"RDS_SHUTDOWN_WORK_QUEUED\" on forever.\n\nSo we do two things here:\n\na) Don't shortcut \"RDS_CONN_ERROR\", but take the longer\n path through the shutdown code.\n\nb) Add \"RDS_CONN_RESETTING\" to the expected states in\n \"rds_conn_init_shutdown\" so that we won't error out\n and get stuck, if we ever hit weird state transitions\n like this again.\""}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/rds/connection.c", "net/rds/tcp_listen.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "9bcd7c00691a2db9745817d5ea79262a503b135c", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "a179ac7be8f5a650d0068040705f4cddd6ca369c", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "19e384a7d00d888303a8285977cdf1970c6cccd6", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "f0f729bdffb08af32e0f54521b81b8a9e0321f16", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "81248b1eb3c5954cc1fc7b33b7c03e34d20cb8c8", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "899ef00963ce76f9fc421a7d02335fe4ead6389b", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "9ff599a9be784a808c36765086e3db2144aa3b66", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "ad22d24be635c6beab6a1fdd3f8b1f3c478d15da", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/rds/connection.c", "net/rds/tcp_listen.c"], "versions": [{"version": "5.10.252", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.202", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.165", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.128", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.75", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.16", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.6", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.252"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.202"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.165"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.128"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.12.75"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.18.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.19.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/9bcd7c00691a2db9745817d5ea79262a503b135c"}, {"url": "https://git.kernel.org/stable/c/a179ac7be8f5a650d0068040705f4cddd6ca369c"}, {"url": "https://git.kernel.org/stable/c/19e384a7d00d888303a8285977cdf1970c6cccd6"}, {"url": "https://git.kernel.org/stable/c/f0f729bdffb08af32e0f54521b81b8a9e0321f16"}, {"url": "https://git.kernel.org/stable/c/81248b1eb3c5954cc1fc7b33b7c03e34d20cb8c8"}, {"url": "https://git.kernel.org/stable/c/899ef00963ce76f9fc421a7d02335fe4ead6389b"}, {"url": "https://git.kernel.org/stable/c/9ff599a9be784a808c36765086e3db2144aa3b66"}, {"url": "https://git.kernel.org/stable/c/ad22d24be635c6beab6a1fdd3f8b1f3c478d15da"}], "title": "net/rds: No shortcut out of RDS_CONN_ERROR", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: No shortcut out of RDS_CONN_ERROR\n\nRDS connections carry a state \"rds_conn_path::cp_state\"\nand transitions from one state to another and are conditional\nupon an expected state: \"rds_conn_path_transition.\"\n\nThere is one exception to this conditionality, which is\n\"RDS_CONN_ERROR\" that can be enforced by \"rds_conn_path_drop\"\nregardless of what state the condition is currently in.\n\nBut as soon as a connection enters state \"RDS_CONN_ERROR\",\nthe connection handling code expects it to go through the\nshutdown-path.\n\nThe RDS/TCP multipath changes added a shortcut out of\n\"RDS_CONN_ERROR\" straight back to \"RDS_CONN_CONNECTING\"\nvia \"rds_tcp_accept_one_path\" (e.g. after \"rds_tcp_state_change\").\n\nA subsequent \"rds_tcp_reset_callbacks\" can then transition\nthe state to \"RDS_CONN_RESETTING\" with a shutdown-worker queued.\n\nThat'll trip up \"rds_conn_init_shutdown\", which was\nnever adjusted to handle \"RDS_CONN_RESETTING\" and subsequently\ndrops the connection with the dreaded \"DR_INV_CONN_STATE\",\nwhich leaves \"RDS_SHUTDOWN_WORK_QUEUED\" on forever.\n\nSo we do two things here:\n\na) Don't shortcut \"RDS_CONN_ERROR\", but take the longer\n path through the shutdown code.\n\nb) Add \"RDS_CONN_RESETTING\" to the expected states in\n \"rds_conn_init_shutdown\" so that we won't error out\n and get stuck, if we ever hit weird state transitions\n like this again.\""}], "id": "CVE-2026-43226", "lastModified": "2026-05-06T13:07:51.607", "metrics": {}, "published": "2026-05-06T12:16:42.393", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/19e384a7d00d888303a8285977cdf1970c6cccd6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/81248b1eb3c5954cc1fc7b33b7c03e34d20cb8c8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/899ef00963ce76f9fc421a7d02335fe4ead6389b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9bcd7c00691a2db9745817d5ea79262a503b135c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9ff599a9be784a808c36765086e3db2144aa3b66"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a179ac7be8f5a650d0068040705f4cddd6ca369c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ad22d24be635c6beab6a1fdd3f8b1f3c478d15da"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f0f729bdffb08af32e0f54521b81b8a9e0321f16"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: net/rds: No shortcut out of RDS_CONN_ERROR", "id": "2467167", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467167"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-372", "details": ["A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) component. Due to an incorrect state transition, an RDS connection can bypass its expected shutdown process. This can lead to the connection becoming permanently stuck in a shutdown-queued state, potentially causing a denial of service by preventing further connection handling."], "name": "CVE-2026-43226", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-05-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-43226\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-43226\nhttps://lore.kernel.org/linux-cve-announce/2026050654-CVE-2026-43226-496c@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,9bcd7c00691a2db9745817d5ea79262a503b135c)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,a179ac7be8f5a650d0068040705f4cddd6ca369c)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,19e384a7d00d888303a8285977cdf1970c6cccd6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,f0f729bdffb08af32e0f54521b81b8a9e0321f16)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,81248b1eb3c5954cc1fc7b33b7c03e34d20cb8c8)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,899ef00963ce76f9fc421a7d02335fe4ead6389b)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,9ff599a9be784a808c36765086e3db2144aa3b66)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,ad22d24be635c6beab6a1fdd3f8b1f3c478d15da)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.10.252,5.11.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.15.202,5.16.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.165,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.128,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.75,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.16,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.6,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "created": "2026-05-06T14:45:06.767687+00:00", "updated": "2026-05-07T06:00:16.542787+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}