CVE-2026-43494

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/rds: reset op_nents when zerocopy page pin fails<br /> <br /> When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(),<br /> the pinned pages are released with put_page(), and<br /> rm-&gt;data.op_mmp_znotifier is cleared. But we fail to properly<br /> clear rm-&gt;data.op_nents.<br /> <br /> Later when rds_message_purge() is called from rds_sendmsg() the<br /> cleanup loop iterates over the incorrectly non zero number of<br /> op_nents and frees them again.<br /> <br /> Fix this by properly resetting op_nents when it should be in<br /> rds_message_zcopy_from_user().