CVE-2026-43494
Linux Kernel Memory Corruption in RDS Protocol
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's RDS (Reliable Datagram Sockets) networking code. Specifically, when the function iov_iter_get_pages2() fails during the operation rds_message_zcopy_from_user(), the pinned pages are released correctly, but a counter named op_nents is not properly reset. Later, when the cleanup function rds_message_purge() is called, it incorrectly assumes that op_nents is non-zero and attempts to free resources again, which can lead to improper memory handling.
How can this vulnerability impact me? :
The improper resetting of op_nents can cause the cleanup code to free memory resources multiple times. This can lead to memory corruption, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code or cause denial of service.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability in the Linux kernel related to improper resetting of op_nents in the RDS subsystem has been resolved by a patch that properly resets op_nents when iov_iter_get_pages2() fails.
To mitigate this vulnerability immediately, you should update your Linux kernel to the fixed version released on or after 2026-05-21 that includes this patch.