Zerocopy Send Vulnerability in Linux Kernel Affecting Networking Functions
CVE-2026-43502

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 21 May 2026

What is CVE-2026-43502?

A vulnerability in the Linux kernel's networking functionality can lead to improper cleanup of zerocopy sends. This occurs when a zerocopy send operation fails after user pages are pinned but before the message is queued to the sending socket. The existing cleanup mechanism incorrectly assumes the state of zerocopy ownership based on an incomplete check. This vulnerability has been addressed by refining the cleanup process, ensuring that early send failures are handled consistently with the zerocopy lifecycle rules without altering the completion path for queued messages.

Affected Version(s)

Linux 0cebaccef3acbdfbc2d85880a2efb765d2f4e2e3 < 21d70744e6d3bbf9293aa1ee6fba7c53ad75275e

Linux 0cebaccef3acbdfbc2d85880a2efb765d2f4e2e3 < 3abc8983b2bae3f487f77d9da5527d7d6b210d46

Linux 0cebaccef3acbdfbc2d85880a2efb765d2f4e2e3 < 14ef6fd18db2494098b21e0471bf27a1d8e9993e

References

https://git.kernel.org/stable/c/21d70744e6d3bbf9293aa1ee6...

https://git.kernel.org/stable/c/3abc8983b2bae3f487f77d9da...

https://git.kernel.org/stable/c/14ef6fd18db2494098b21e047...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 21, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43502 Data

JSON