CVE-2026-43494
Published: May 21, 2026
Modified: Jun 1, 2026
CVSS v3.1
7.8
Description
In the Linux kernel, the following vulnerability has been resolved: net/rds: reset op_nents when zerocopy page pin fails When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(), the pinned pages are released with put_page(), and rm->data.op_mmp_znotifier is cleared. But we fail to properly clear rm->data.op_nents. Later when rds_message_purge() is called from rds_sendmsg() the cleanup loop iterates over the incorrectly non zero number of op_nents and frees them again. Fix this by properly resetting op_nents when it should be in rds_message_zcopy_from_user().
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 0cebaccef3acbdfbc2d85880a2efb765d2f4e2e3 - < c6e51512a784c4a7b86e1a044988696e3b3721faaffected 0cebaccef3acbdfbc2d85880a2efb765d2f4e2e3 - < 03014551938a0887fa55f18ce49b70158a9c0113affected 0cebaccef3acbdfbc2d85880a2efb765d2f4e2e3 - < d84ce1786ce40fdd3dd98db47aec5527817e1ef6affected 0cebaccef3acbdfbc2d85880a2efb765d2f4e2e3 - < 9115669faedccdda100428e2d26fd0aac8c50799affected 0cebaccef3acbdfbc2d85880a2efb765d2f4e2e3 - < 0bbbff00a15b1df2cac9014d6cf4b6890f473353+3 more versions |
Linux | Linux | affected 4.17unaffected 0 - < 4.17unaffected 5.10.258 - <= 5.10.*unaffected 5.15.209 - <= 5.15.*unaffected 6.1.175 - <= 6.1.*+5 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now