CVE-2026-43502 | net/rds: handle zerocopy send cleanup before the message is queued

In the Linux kernel, the following vulnerability has been resolved: net/rds: handle zerocopy send cleanup before the message is queued A zerocopy send can fail after user pages have been pinned but before the message is attached to the sending socket. The purge path currently infers zerocopy state from rm->m_rs, so an unqueued message can be cleaned up as if it owned normal payload pages. However, zerocopy ownership is really determined by the presence of op_mmp_znotifier, regardless of whether the message has reached the socket queue. Capture op_mmp_znotifier up front in rds_message_purge() and use it as the cleanup discriminator. If the message is already associated with a socket, keep the existing completion path. Otherwise, drop the pinned page accounting directly and release the notifier before putting the payload pages. This keeps early send failure cleanup consistent with the zerocopy lifetime rules without changing the normal queued completion path.

Published: 2026-05-21 Last update: 2026-06-01 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

NVD Status：Awaiting Analysis，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2026-43502 is rated Low Risk (33.7/100): CVSS High severity, with low exploitation likelihood (EPSS 0.02%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2026-43502

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-05-22	—	0.02%	—

Full EPSS history (1 record total)

Common vulnerability scoring system (CVSS) metrics for CVE-2026-43502

CVSS metrics for this CVE.

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
7.8	3.1	HIGH	`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` Click to expand Attack vector (AV:L) They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:L) A normal user session is enough; they don’t have to be admin. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:H) Serious risk that confidential data gets exposed in a big way. Integrity (I:H) They could widely tamper with or forge data—trust in the data is badly hurt. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	1.8	5.9	416baaa9-dc9f-4396-8d5f-8c081fb06d67

Weakness enumeration for CVE-2026-43502

GitHub Security Advisory for CVE-2026-43502

GHSA-mhq7-fqmq-29pq · Severity: high — In the Linux kernel, the following vulnerability has been resolved: net/rds: handle zerocopy...

OS Trackers for CVE-2026-43502

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2026-43502 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 3, open 2.	https://security-tracker.debian.org/tracker/CVE-2026-43502
`redhat`	medium	—	https://access.redhat.com/security/cve/CVE-2026-43502
`suse`	medium	CVE-2026-43502 severity moderate: SUSE including 14 source package names (cluster-md-kmp-default, dlm-kmp-default, …), 39 product×package rows across 8 product lines (SUSE Linux Enterprise Live Patching 12 SP5, SUSE Linux Enterprise Micro 5.0, … (8 product lines)): Known Not Affected 39.	https://www.suse.com/security/cve/CVE-2026-43502/
`ubuntu`	medium	CVE-2026-43502 medium priority: Ubuntu including 161 source packages (linux, linux-allwinner-5.19, …), 1449 status rows across 9 suites (bionic, focal, jammy, noble, questing, resolute, trusty, upstream, xenial): DNE 1048, ignored 169, needed 122, released 87, not-affected 23.	https://ubuntu.com/security/CVE-2026-43502

Affected software / configurations for CVE-2026-43502

Vendor	Product	Version	Raw CPE
No affected products in dataset.

References for CVE-2026-43502

URL	Tags
https://git.kernel.org/stable/c/0f5c185fc79a59ee9991234dd6d2a3e5afa6e75b
https://git.kernel.org/stable/c/14ef6fd18db2494098b21e0471bf27a1d8e9993e
https://git.kernel.org/stable/c/1e262db7675e27f42c3f3f47d6011855f4454f24
https://git.kernel.org/stable/c/21d70744e6d3bbf9293aa1ee6fba7c53ad75275e
https://git.kernel.org/stable/c/3abc8983b2bae3f487f77d9da5527d7d6b210d46
https://git.kernel.org/stable/c/44b550d88b267320459d518c0743a241ab2108fa
https://git.kernel.org/stable/c/46662f7dc59475995609bf3e9d27eb36f4acf26f
https://git.kernel.org/stable/c/e9aefdc5c53fe9aed108c14e3d155710a1bb14c9

cvelogic Threat Intelligence