๐Ÿ” CVE Alert

CVE-2026-43494

HIGH 7.8

net/rds: reset op_nents when zerocopy page pin fails

CVSS Score
7.8
EPSS Score
0.0%
EPSS Percentile
0th

In the Linux kernel, the following vulnerability has been resolved: net/rds: reset op_nents when zerocopy page pin fails When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(), the pinned pages are released with put_page(), and rm->data.op_mmp_znotifier is cleared. But we fail to properly clear rm->data.op_nents. Later when rds_message_purge() is called from rds_sendmsg() the cleanup loop iterates over the incorrectly non zero number of op_nents and frees them again. Fix this by properly resetting op_nents when it should be in rds_message_zcopy_from_user().

Vendor linux
Product linux
Ecosystems
Industries
Technology
Published May 21, 2026
Last Updated Jul 15, 2026
Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new high vulnerabilities affecting linux linux are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

Linux / Linux
0cebaccef3acbdfbc2d85880a2efb765d2f4e2e3 < c6e51512a784c4a7b86e1a044988696e3b3721fa 0cebaccef3acbdfbc2d85880a2efb765d2f4e2e3 < 03014551938a0887fa55f18ce49b70158a9c0113 0cebaccef3acbdfbc2d85880a2efb765d2f4e2e3 < d84ce1786ce40fdd3dd98db47aec5527817e1ef6 0cebaccef3acbdfbc2d85880a2efb765d2f4e2e3 < 9115669faedccdda100428e2d26fd0aac8c50799 0cebaccef3acbdfbc2d85880a2efb765d2f4e2e3 < 0bbbff00a15b1df2cac9014d6cf4b6890f473353 0cebaccef3acbdfbc2d85880a2efb765d2f4e2e3 < 640e37f58f991546a87540d067279c2c1fa9fe51 0cebaccef3acbdfbc2d85880a2efb765d2f4e2e3 < 290e833d1acb1093bc121fcdc97f5e6161157479 0cebaccef3acbdfbc2d85880a2efb765d2f4e2e3 < e174929793195e0cd6a4adb0cad731b39f9019b4
Linux / Linux
4.17

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
git.kernel.org: https://git.kernel.org/stable/c/c6e51512a784c4a7b86e1a044988696e3b3721fa git.kernel.org: https://git.kernel.org/stable/c/03014551938a0887fa55f18ce49b70158a9c0113 git.kernel.org: https://git.kernel.org/stable/c/d84ce1786ce40fdd3dd98db47aec5527817e1ef6 git.kernel.org: https://git.kernel.org/stable/c/9115669faedccdda100428e2d26fd0aac8c50799 git.kernel.org: https://git.kernel.org/stable/c/0bbbff00a15b1df2cac9014d6cf4b6890f473353 git.kernel.org: https://git.kernel.org/stable/c/640e37f58f991546a87540d067279c2c1fa9fe51 git.kernel.org: https://git.kernel.org/stable/c/290e833d1acb1093bc121fcdc97f5e6161157479 git.kernel.org: https://git.kernel.org/stable/c/e174929793195e0cd6a4adb0cad731b39f9019b4 github.com: https://github.com/v12-security/pocs/tree/main/pintheft openwall.com: http://www.openwall.com/lists/oss-security/2026/05/21/2 access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-43494 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2480434 security.access.redhat.com: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43494.json