7.8

CVE-2026-43494

Exploit

net/rds: reset op_nents when zerocopy page pin fails

In the Linux kernel, the following vulnerability has been resolved:

net/rds: reset op_nents when zerocopy page pin fails

When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(),
the pinned pages are released with put_page(), and
rm->data.op_mmp_znotifier is cleared.  But we fail to properly
clear rm->data.op_nents.

Later when rds_message_purge() is called from rds_sendmsg() the
cleanup loop iterates over the incorrectly non zero number of
op_nents and frees them again.

Fix this by properly resetting op_nents when it should be in
rds_message_zcopy_from_user().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.17 < 5.10.258
LinuxLinux Kernel Version >= 5.11 < 5.15.209
LinuxLinux Kernel Version >= 5.16 < 6.1.175
LinuxLinux Kernel Version >= 6.2 < 6.6.141
LinuxLinux Kernel Version >= 6.7 < 6.12.91
LinuxLinux Kernel Version >= 6.13 < 6.18.33
LinuxLinux Kernel Version >= 6.19 < 7.0.10
LinuxLinux Kernel Version7.1 Updaterc1
LinuxLinux Kernel Version7.1 Updaterc2
LinuxLinux Kernel Version7.1 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.27% 0.185
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7 1 5.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-1341 Multiple Releases of Same Resource or Handle

The product attempts to close or release a resource or handle more than once, without any successful open between the close operations.

https://git.kernel.org/stable/c/e174929793195e0cd6a4adb0cad731b39f9019b4
Patch
http://www.openwall.com/lists/oss-security/2026/05/21/2
Mailing List
https://git.kernel.org/stable/c/0bbbff00a15b1df2cac9014d6cf4b6890f473353
Patch
https://git.kernel.org/stable/c/290e833d1acb1093bc121fcdc97f5e6161157479
Patch
https://git.kernel.org/stable/c/640e37f58f991546a87540d067279c2c1fa9fe51
Patch
https://git.kernel.org/stable/c/9115669faedccdda100428e2d26fd0aac8c50799
Patch
https://git.kernel.org/stable/c/03014551938a0887fa55f18ce49b70158a9c0113
Patch
https://git.kernel.org/stable/c/c6e51512a784c4a7b86e1a044988696e3b3721fa
Patch
https://git.kernel.org/stable/c/d84ce1786ce40fdd3dd98db47aec5527817e1ef6
Patch
https://github.com/v12-security/pocs/tree/main/pintheft
Third Party Advisory
Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=2480434
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43494.json
https://access.redhat.com/security/cve/CVE-2026-43494