CVE-2026-52994

In the Linux kernel, the following vulnerability has been resolved:

vsock/virtio: fix MSG ZEROCOPY pinned-pages accounting

virtio transport init zcopy skb() uses iter->count as the size argument for msg zerocopy realloc(), which in turn passes it to mm account pinned pages() for RLIMIT MEMLOCK accounting. However, this function is called after virtio transport fill skb() has already consumed the iterator via zerocopy sg from iter(), so on the last skb, iter->count will be 0, skipping the RLIMIT MEMLOCK enforcement.

Pass pkt len (the total bytes being sent) as an explicit parameter to virtio transport init zcopy skb() instead of reading the already-consumed iter->count.

This matches TCP and UDP, which both call msg zerocopy realloc() with the original message size.