CVE-2026-43502

HIGH EPSS 2.4%
Published May 21, 20261mo ago · Modified Jun 17, 20262w ago
7.8 CVSS 3.1
High
Find Similar
Published May 21, 2026 1mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net/rds: handle zerocopy send cleanup before the message is queued A zerocopy send can fail after user pages have been pinned but before the message is attached to the sending socket. The purge path currently infers zerocopy state from rm->m_rs, so an unqueued message can be cleaned up as if it owned normal payload pages. However, zerocopy ownership is really determined by the presence of op_mmp_znotifier, regardless of whether the message has reached the socket queue. Capture op_mmp_znotifier up front in rds_message_purge() and use it as the cleanup discriminator. If the message is already associated with a socket, keep the existing completion path. Otherwise, drop the pinned page accounting directly and release the notifier before putting the payload pages. This keeps early send failure cleanup consistent with the zerocopy lifetime rules without changing the normal queued completion path.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
2.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 8

  • git.kernel.org https://git.kernel.org/stable/c/0f5c185fc79a59ee9991234dd6d2a3e5afa6e75b
  • git.kernel.org https://git.kernel.org/stable/c/14ef6fd18db2494098b21e0471bf27a1d8e9993e
  • git.kernel.org https://git.kernel.org/stable/c/1e262db7675e27f42c3f3f47d6011855f4454f24
  • git.kernel.org https://git.kernel.org/stable/c/21d70744e6d3bbf9293aa1ee6fba7c53ad75275e
  • git.kernel.org https://git.kernel.org/stable/c/3abc8983b2bae3f487f77d9da5527d7d6b210d46
  • git.kernel.org https://git.kernel.org/stable/c/44b550d88b267320459d518c0743a241ab2108fa
  • git.kernel.org https://git.kernel.org/stable/c/46662f7dc59475995609bf3e9d27eb36f4acf26f
  • git.kernel.org https://git.kernel.org/stable/c/e9aefdc5c53fe9aed108c14e3d155710a1bb14c9

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.