Linux Kernel Vulnerability in Vsock Handling
CVE-2026-53365
What is CVE-2026-53365?
A vulnerability exists in the Linux kernel's vsock/virtio implementation regarding zerocopy completion for multi-segment sends. If a large message is fragmented into multiple skbs, only the last skb has the zerocopy user argument (uarg) allocated, leaving non-final skbs with pinned user pages that lack proper completion tracking. This can lead to unnotified leaks of user pages when the send loop breaks prematurely. The defect has been addressed by adjusting the allocation and attachment of uarg to each skb, ensuring that completion tracking is correctly implemented across all skbs, thereby providing safer resource management and notifying userspace when pages are available for reuse.
Affected Version(s)
Linux 581512a6dc939ef122e49336626ae159f3b8a345 < 76b995bc57bd90cb6e954e1966fbd8786da47f0d
Linux 581512a6dc939ef122e49336626ae159f3b8a345
Linux 581512a6dc939ef122e49336626ae159f3b8a345