CVE-2026-43494 The advisory has been revoked - it doesn't affect any version of package kernel-devel  (opens in a new tab)


Threat Intelligence

Exploit Maturity
Proof of Concept
EPSS
0.27% (19th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS6-KERNELDEVEL-16799196
  • published22 May 2026
  • disclosed21 May 2026

Introduced: 21 May 2026

CVE-2026-43494  (opens in a new tab)
CWE-1341  (opens in a new tab)

Amendment

The Centos security team deemed this advisory irrelevant for Centos:6.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-devel package and not the kernel-devel package as distributed by Centos.

In the Linux kernel, the following vulnerability has been resolved:

net/rds: reset op_nents when zerocopy page pin fails

When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(), the pinned pages are released with put_page(), and rm->data.op_mmp_znotifier is cleared. But we fail to properly clear rm->data.op_nents.

Later when rds_message_purge() is called from rds_sendmsg() the cleanup loop iterates over the incorrectly non zero number of op_nents and frees them again.

Fix this by properly resetting op_nents when it should be in rds_message_zcopy_from_user().