CVE-2026-43502

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/rds: handle zerocopy send cleanup before the message is queued<br /> <br /> A zerocopy send can fail after user pages have been pinned but before<br /> the message is attached to the sending socket.<br /> <br /> The purge path currently infers zerocopy state from rm-&gt;m_rs, so an<br /> unqueued message can be cleaned up as if it owned normal payload pages.<br /> However, zerocopy ownership is really determined by the presence of<br /> op_mmp_znotifier, regardless of whether the message has reached the<br /> socket queue.<br /> <br /> Capture op_mmp_znotifier up front in rds_message_purge() and use it as<br /> the cleanup discriminator. If the message is already associated with a<br /> socket, keep the existing completion path. Otherwise, drop the pinned<br /> page accounting directly and release the notifier before putting the<br /> payload pages.<br /> <br /> This keeps early send failure cleanup consistent with the zerocopy<br /> lifetime rules without changing the normal queued completion path.