CVE-2026-43494
Awaiting Analysis
Linux Kernel Memory Corruption in RDS Protocol

Publication date: 2026-05-21

Last updated on: 2026-06-12

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

net/rds: reset op_nents when zerocopy page pin fails

When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(), the pinned pages are released with put_page(), and rm->data.op_mmp_znotifier is cleared. But we fail to properly clear rm->data.op_nents. Later when rds_message_purge() is called from rds_sendmsg() the cleanup loop iterates over the incorrectly non zero number of op_nents and frees them again.

Fix this by properly resetting op_nents when it should be in rds_message_zcopy_from_user().

Meta Information
Published: 2026-05-21
Last Modified: 2026-06-12
Generated: 2026-06-17
AI Q&A: 2026-05-21
EPSS Evaluated: 2026-06-16

Affected Vendors & Products
Vendor: linux
Product: linux_kernel
Version / Range: *

CWE
CWE ID: CWE-UNKNOWN

Executive Summary

This vulnerability is in the Linux kernel's RDS (Reliable Datagram Sockets) networking code. When iov_iter_get_pages2() fails inside rds_message_zcopy_from_user(), the pages pinned so far are released with put_page(), but the op_nents counter is not reset. Later, when rds_sendmsg() calls the cleanup function rds_message_purge(), its loop iterates over the stale, non-zero op_nents count and frees the same pages again.
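
A user-space C model of the flow described above, added here as an illustration and not taken from the kernel source or from the fix. The `*_model` names, the integer refcount and the four-page input are assumptions standing in for put_page(), op_sg and op_nents; the `reset` flag switches between the stale-count behaviour and the corrected one.

```c
/* User-space model only: names mirror the advisory, bodies are simplified. */
#define MAX_SG 8
struct page_model { int refs; };        /* stand-in for a page refcount */
struct msg_model {
    struct page_model *sg[MAX_SG];      /* stand-in for rm->data.op_sg */
    unsigned int nents;                 /* stand-in for rm->data.op_nents */
};

static void put_page_model(struct page_model *p) { p->refs--; }

/* Pin pages one at a time; the pin attempt at index fail_at fails. */
static int zcopy_model(struct msg_model *rm, struct page_model *pages,
                       unsigned int npages, unsigned int fail_at, int reset)
{
    for (unsigned int i = 0; i < npages && i < MAX_SG; i++) {
        if (i == fail_at) {
            for (unsigned int j = 0; j < rm->nents; j++)  /* undo pins */
                put_page_model(rm->sg[j]);
            if (reset)
                rm->nents = 0;          /* the fix: leave nothing to purge */
            return -1;
        }
        pages[i].refs++;                /* pin */
        rm->sg[rm->nents++] = &pages[i];
    }
    return 0;
}

/* Cleanup on the send error path: trusts nents. */
static void purge_model(struct msg_model *rm)
{
    for (unsigned int i = 0; i < rm->nents; i++)
        put_page_model(rm->sg[i]);
    rm->nents = 0;
}

/* Returns how many pages ended below their starting refcount of 1. */
int count_double_puts(int reset)
{
    struct page_model pages[4] = { {1}, {1}, {1}, {1} };  /* constructed */
    struct msg_model rm = { {0}, 0 };
    int over = 0;
    if (zcopy_model(&rm, pages, 4, 2, reset) < 0)
        purge_model(&rm);
    for (unsigned int i = 0; i < 4; i++)
        over += pages[i].refs < 1;
    return over;
}

int main(void) { return count_double_puts(1); }  /* 0 on the fixed path */
```

With `reset` set to 0, the two pages pinned before the failure each lose their reference twice; with `reset` set to 1, the purge loop has nothing to iterate over.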

Impact Analysis

Because op_nents is not reset, the cleanup code frees the same memory resources more than once. This can lead to memory corruption, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code or cause denial of service.

Mitigation Strategies

The vulnerability in the Linux kernel related to improper resetting of op_nents in the RDS subsystem has been resolved by a patch that properly resets op_nents when iov_iter_get_pages2() fails.

To mitigate this vulnerability immediately, you should update your Linux kernel to the fixed version released on or after 2026-05-21 that includes this patch.
