VYPR
High severity7.8NVD Advisory· Published May 21, 2026· Updated Jun 12, 2026

CVE-2026-43494

CVE-2026-43494

Description

In the Linux kernel, the following vulnerability has been resolved:

net/rds: reset op_nents when zerocopy page pin fails

When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(), the pinned pages are released with put_page(), and rm->data.op_mmp_znotifier is cleared. But we fail to properly clear rm->data.op_nents.

Later when rds_message_purge() is called from rds_sendmsg() the cleanup loop iterates over the incorrectly non zero number of op_nents and frees them again.

Fix this by properly resetting op_nents when it should be in rds_message_zcopy_from_user().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3

Patches

Vulnerability mechanics

References

10

News mentions

1