CVE-2026-52994

UNKNOWN 0.0

vsock/virtio: fix MSG_ZEROCOPY pinned-pages accounting

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix MSG_ZEROCOPY pinned-pages accounting virtio_transport_init_zcopy_skb() uses iter->count as the size argument for msg_zerocopy_realloc(), which in turn passes it to mm_account_pinned_pages() for RLIMIT_MEMLOCK accounting. However, this function is called after virtio_transport_fill_skb() has already consumed the iterator via __zerocopy_sg_from_iter(), so on the last skb, iter->count will be 0, skipping the RLIMIT_MEMLOCK enforcement. Pass pkt_len (the total bytes being sent) as an explicit parameter to virtio_transport_init_zcopy_skb() instead of reading the already-consumed iter->count. This matches TCP and UDP, which both call msg_zerocopy_realloc() with the original message size.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Jun 24, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

581512a6dc939ef122e49336626ae159f3b8a345 < 6af1736b5810bc8a4a43a8518530113f5a757dc1 581512a6dc939ef122e49336626ae159f3b8a345 < d0117950075f0a9d5944980784c719d8ebcd4bff 581512a6dc939ef122e49336626ae159f3b8a345 < 1cb36e252211506f51095fe7ced8286cc77b4c80

Linux / Linux

6.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/6af1736b5810bc8a4a43a8518530113f5a757dc1 git.kernel.org: https://git.kernel.org/stable/c/d0117950075f0a9d5944980784c719d8ebcd4bff git.kernel.org: https://git.kernel.org/stable/c/1cb36e252211506f51095fe7ced8286cc77b4c80