-

CVE-2026-52994

vsock/virtio: fix MSG_ZEROCOPY pinned-pages accounting

In the Linux kernel, the following vulnerability has been resolved:

vsock/virtio: fix MSG_ZEROCOPY pinned-pages accounting

virtio_transport_init_zcopy_skb() uses iter->count as the size argument
for msg_zerocopy_realloc(), which in turn passes it to
mm_account_pinned_pages() for RLIMIT_MEMLOCK accounting. However, this
function is called after virtio_transport_fill_skb() has already consumed
the iterator via __zerocopy_sg_from_iter(), so on the last skb, iter->count
will be 0, skipping the RLIMIT_MEMLOCK enforcement.

Pass pkt_len (the total bytes being sent) as an explicit parameter to
virtio_transport_init_zcopy_skb() instead of reading the already-consumed
iter->count.

This matches TCP and UDP, which both call msg_zerocopy_realloc() with
the original message size.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version 581512a6dc939ef122e49336626ae159f3b8a345
Version < 6af1736b5810bc8a4a43a8518530113f5a757dc1
Status affected
Version 581512a6dc939ef122e49336626ae159f3b8a345
Version < d0117950075f0a9d5944980784c719d8ebcd4bff
Status affected
Version 581512a6dc939ef122e49336626ae159f3b8a345
Version < 1cb36e252211506f51095fe7ced8286cc77b4c80
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 6.7
Status affected
Version 0
Version < 6.7
Status unaffected
Version <= 6.18.*
Version 6.18.33
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.07
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/6af1736b5810bc8a4a43a8518530113f5a757dc1
https://git.kernel.org/stable/c/d0117950075f0a9d5944980784c719d8ebcd4bff
https://git.kernel.org/stable/c/1cb36e252211506f51095fe7ced8286cc77b4c80