UBUNTU-CVE-2026-43494

Advisory lineage Upstream: 1 Downstream: 10

Upstream

CVE-2026-43494

Downstream

USN-8370-1 USN-8371-1 USN-8373-1 USN-8374-1 USN-8388-1 USN-8389-1

Published: 21 May 2026, 12:16

Last modified:12 Jun 2026, 09:14

Vulnerability Summary

Overall Risk (default)

medium

31/100

CVSS Score

7.8 HIGH

3.1 (osv_ubuntu)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

21 May 2026, 12:16

Published

Vulnerability first disclosed

12 Jun 2026, 09:14

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: net/rds: reset op_nents when zerocopy page pin fails When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(), the pinned pages are released with put_page(), and rm->data.op_mmp_znotifier is cleared. But we fail to properly clear rm->data.op_nents. Later when rds_message_purge() is called from rds_sendmsg() the cleanup loop iterates over the incorrectly non zero number of op_nents and frees them again. Fix this by properly resetting op_nents when it should be in rds_message_zcopy_from_user().

CVSS Metrics

v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Systems

ubuntu•linux
all | all | all | all | all | < 5.4.0-231.251 | < 5.15.0-181.191 | < 6.8.0-124.124 | < 6.17.0-35.35 | < 7.0.0-22.22
ubuntu•linux-allwinner-5.19
all
ubuntu•linux-aws
all | all | all | all | all | < 5.4.0-1160.170 | < 5.15.0-1109.116 | < 6.8.0-1057.60 | < 6.17.0-1017.17 | < 7.0.0-1006.6
ubuntu•linux-aws-5.0
all
ubuntu•linux-aws-5.11
all
ubuntu•linux-aws-5.13
all
ubuntu•linux-aws-5.15
all | < 5.15.0-1109.116~20.04.1
ubuntu•linux-aws-5.19
all
ubuntu•linux-aws-5.3
all
ubuntu•linux-aws-5.4
all | < 5.4.0-1160.170~18.04.1
ubuntu•linux-aws-5.8
all
ubuntu•linux-aws-6.14
all
ubuntu•linux-aws-6.17
all | < 6.17.0-1017.17~24.04.1
ubuntu•linux-aws-6.2
all
ubuntu•linux-aws-6.5
all
ubuntu•linux-aws-6.8
all | < 6.8.0-1057.60~22.04.1
ubuntu•linux-aws-fips
< 5.4.0-1160.170+fips1 | all | < 5.15.0-1109.116+fips1 | < 6.8.0-1057.60+fips1
ubuntu•linux-aws-hwe
all
ubuntu•linux-azure
all | all | all | all | < 5.4.0-1164.170 | all | < 6.8.0-1058.64 | < 6.17.0-1017.17 | all
ubuntu•linux-azure-4.15
all
ubuntu•linux-azure-5.11
all
ubuntu•linux-azure-5.13
all
ubuntu•linux-azure-5.15
all | < 5.15.0-1114.123~20.04.1
ubuntu•linux-azure-5.19
all
ubuntu•linux-azure-5.3
all
ubuntu•linux-azure-5.4
all | < 5.4.0-1164.170~18.04.1
ubuntu•linux-azure-5.8
all
ubuntu•linux-azure-6.11
all
ubuntu•linux-azure-6.14
all
ubuntu•linux-azure-6.17
all | < 6.17.0-1017.17~24.04.1
ubuntu•linux-azure-6.2
all
ubuntu•linux-azure-6.5
all
ubuntu•linux-azure-6.8
all
ubuntu•linux-azure-edge
all
ubuntu•linux-azure-fde
all | all | all | all | all
ubuntu•linux-azure-fde-5.15
all
ubuntu•linux-azure-fde-5.19
all
ubuntu•linux-azure-fde-6.14
all
ubuntu•linux-azure-fde-6.17
all
ubuntu•linux-azure-fde-6.2
all
ubuntu•linux-azure-fde-6.8
all
ubuntu•linux-azure-fips
< 5.4.0-1164.170+fips1 | all | < 5.15.0-1114.123+fips1 | < 6.8.0-1059.65+fips1
ubuntu•linux-azure-nvidia
all
ubuntu•linux-azure-nvidia-6.14
all
ubuntu•linux-bluefield
all | < 5.4.0-1119.126 | < 5.15.0-1093.95 | all
ubuntu•linux-fips
< 5.4.0-1134.144 | all | < 5.15.0-181.191+fips1 | < 6.8.0-124.124+fips1
ubuntu•linux-gcp
all | all | all | all | all | all | < 5.4.0-1163.172 | < 5.15.0-1109.118 | < 6.8.0-1060.63 | < 6.17.0-1018.19 | < 7.0.0-1005.5
ubuntu•linux-gcp-4.15
all
ubuntu•linux-gcp-5.11
all
ubuntu•linux-gcp-5.13
all

Showing first 50 affected entries in server-rendered view.