CVE-2026-52943

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the network skbuff component where the pskb carve inside header() and pskb carve inside nonlinear() functions copy the skb shared info header into a new buffer without calling net zcopy get() for the new shared information. This results in an unaccounted holder for the destructor arg pointer used in MSG ZEROCOPY skbs. Consequently, the reference count of uarg can be driven to zero prematurely, leading to a use-after-free condition on ubuf info msgzc while TX skbs still hold live pointers. This flaw allows an unprivileged local user to achieve full root privilege escalation on a default kernel configuration.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.