Medium5.9Red Hat Linux Updated
Denial of Service due to infinite loop in AtomicReference#update
CVE-2026-54904 Published Jun 24, 2026Updated by vendor Jun 24, 2026
Affected products & platforms
Red Hat LinuxUnclassified
Summary
Denial of Service due to infinite loop in AtomicReference#update. Red Hat rates this moderate (CVSS 5.9). Weakness: CWE-835.
Affected versions
- < 1.3.7
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- The vulnerable `AtomicReference#update` code path is not exercised with externally-derived numeric values, making exploitation not possible in this context. Updating to concurrent-ruby 1.3.7 when available in upstream dependencies will fully resolve this issue.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.