CVE-2026-43494 – net/rds: reset op_nents when zerocopy page pin fails

CVE ID :CVE-2026-43494

Published : May 21, 2026, 12:16 p.m. | 42 minutes ago

Description :In the Linux kernel, the following vulnerability has been resolved:

net/rds: reset op_nents when zerocopy page pin fails

When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(),
the pinned pages are released with put_page(), and
rm->data.op_mmp_znotifier is cleared. But we fail to properly
clear rm->data.op_nents.

Later when rds_message_purge() is called from rds_sendmsg() the
cleanup loop iterates over the incorrectly non zero number of
op_nents and frees them again.

Fix this by properly resetting op_nents when it should be in
rds_message_zcopy_from_user().

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-43502 – net/rds: handle zerocopy send cleanup before the message is queued

CVE-2026-43501 – ipv6: rpl: reserve mac_len headroom when recompressed SRH grows

CVE-2026-43499 – rtmutex: Use waiter::task instead of current in remove_waiter()

CVE-2026-43498 – accel/ivpu: Disallow re-exporting imported GEM objects