CVE-2026-43494

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A double-free issue exists in the Reliable Delivery Service (RDS) implementation of the Linux kernel. When the iov iter get pages2() function fails within rds message zcopy from user(), the pinned pages are released and the rm->data.op mmp znotifier is cleared, but the rm->data.op nents variable is not properly reset. Consequently, when rds message purge() is subsequently called from rds sendmsg(), the cleanup loop iterates over the incorrect non-zero value of op nents, leading to a second attempt to free the same resources.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.