PT-2026-57837 · Linux · Linux Kernel

Published

2026-07-13

·

Updated

2026-07-13

·

CVE-2026-53365

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11 Linux kernel versions prior to 7.1 Linux kernel versions prior to 6.7 Linux kernel versions prior to 6.18.34
Description A flaw exists in the vsock/virtio component regarding zerocopy completion for multi-skb sends. When a large message is fragmented into multiple skbs (socket buffers), the zerocopy uarg is only attached to the final skb. Consequently, non-final skbs contain pinned user pages without completion tracking, preventing the kernel from notifying userspace when these pages can be reused. If the send loop terminates prematurely, the uarg is not allocated, leading to a leak of pinned pages. This is resolved by allocating the uarg before the send loop and attaching it to every skb using the skb zcopy set() function.
Recommendations Update to version 7.0.11 Update to version 7.1 Update to version 6.7 Update to version 6.18.34
Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

CVE-2026-53365

Affected Products

Linux Kernel