Linux Kernel Vulnerability in RDS Component Affecting Page Management
CVE-2026-43494

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 21 May 2026

What is CVE-2026-43494?

A vulnerability in the Linux kernel's RDS (Reliable Datagram Sockets) component affects the management of page pinning during zerocopy operations. When the function iov_iter_get_pages2() fails in rds_message_zcopy_from_user(), it releases pinned pages correctly but fails to reset the op_nents variable. This can result in incorrect memory management, as subsequent calls to rds_message_purge() may mistakenly operate on an incorrect count of operation elements. This defect has been addressed to ensure that op_nents is properly reset when necessary.

Affected Version(s)

Linux 0cebaccef3acbdfbc2d85880a2efb765d2f4e2e3

Linux 4.17

References

https://git.kernel.org/stable/c/e174929793195e0cd6a4adb0c...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 21, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43494 Data

JSON