Bug 2492249 (CVE-2026-54906)
| Summary: | CVE-2026-54906 concurrent-ruby: rubygem-concurrent-ruby: concurrent-ruby: Synchronization flaw in ReadWriteLock allows unauthorized lock release and denial of service | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | akostadi, amasferr, anthomas, dmayorov, eglynn, ehelms, eshamard, ggainey, jjoyce, jlledo, jpasqual, jpretori, jschluet, juwatts, jvasik, kaycoth, lhh, mburns, mgarciac, mhulan, nmoumoul, osousa, pantinor, pcreech, rblanco, rchan, smallamp, tmalecek, tsedmik |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: | A flaw was found in concurrent-ruby, a Ruby library for managing concurrent operations. The `Concurrent::ReadWriteLock` component contains a synchronization issue where write locks can be released by unauthorized threads. This could allow multiple threads to write concurrently, potentially leading to data corruption. Furthermore, an issue with read lock management can cause a denial of service (DoS) by preventing legitimate read operations. | Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Description
OSIDB Bzimport
2026-06-24 17:01:16 UTC