PT-2026-57837 · Linux · Linux Kernel
Published
2026-07-13
·
Updated
2026-07-13
·
CVE-2026-53365
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 7.0.11
Linux kernel versions prior to 7.1
Linux kernel versions prior to 6.7
Linux kernel versions prior to 6.18.34
Description
A flaw exists in the vsock/virtio component regarding zerocopy completion for multi-skb sends. When a large message is fragmented into multiple skbs (socket buffers), the zerocopy
uarg is only attached to the final skb. Consequently, non-final skbs contain pinned user pages without completion tracking, preventing the kernel from notifying userspace when these pages can be reused. If the send loop terminates prematurely, the uarg is not allocated, leading to a leak of pinned pages. This is resolved by allocating the uarg before the send loop and attaching it to every skb using the skb zcopy set() function.Recommendations
Update to version 7.0.11
Update to version 7.1
Update to version 6.7
Update to version 6.18.34
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Linux Kernel