CVE-2026-43494

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

In the Linux kernel, the following vulnerability has been resolved:

net/rds: reset op nents when zerocopy page pin fails

When iov iter get pages2() fails in rds message zcopy from user(), the pinned pages are released with put page(), and rm->data.op mmp znotifier is cleared. But we fail to properly clear rm->data.op nents.

Later when rds message purge() is called from rds sendmsg() the cleanup loop iterates over the incorrectly non zero number of op nents and frees them again.

Fix this by properly resetting op nents when it should be in rds message zcopy from user().

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-43494

Affected Products

Linux

CVE-2026-43494

Related Identifiers

Affected Products

References · 2