CVE-2026-43494 · In the Linux kernel, the following vulnerability has been resolved: net/rds: reset op_nents when zerocopy page pin fails When iov_iter_get

01 · The Real Story

This is a trapdoor hidden behind a side hallway, not the front gate

CVE-2026-43494 is a Linux kernel local privilege-escalation bug in the net/rds zerocopy send path. When iov_iter_get_pages2() fails inside rds_message_zcopy_from_user(), previously pinned pages are released, but op_nents is not reset; later cleanup can free those pages again. Upstream tracking puts the affected ranges at 4.17.0 through <6.6.141, 6.7.0 through <6.12.91, 6.13.0 through <6.18.33, and 6.19.0 through <7.0.10.

The vendor HIGH is technically defensible if you assume an attacker already has low-privileged code execution on a host with reachable RDS support and can weaponize the bug into root. In real enterprise fleets, though, this lands later in the kill chain: it is local-only, depends on the relatively niche rds subsystem, and multiple distributions reduce exposure by packaging it separately or blacklisting it. Public PoC availability keeps this from being low, but it does not justify treating it like an internet-facing emergency.

"Serious root-on-host impact, but this is still a niche, post-compromise Linux LPE rather than a fleet-wide fire drill."

02 · The Attack Path

4 steps from start to impact.

STEP 01

Get a low-privileged foothold

The attacker first needs local code execution as an unprivileged or low-privileged user on the target Linux host. This can come from a compromised developer box, a shared shell account, a vulnerable app that yields command execution, or a container breakout pre-stage.

Conditions required:

Local code execution on the target host
Ability to run native syscalls from user space

Where this breaks in practice:

This is already post-initial-access; it does not create the first foothold
Single-user locked-down servers and appliance-style workloads sharply reduce attacker opportunity

Detection/coverage: EDR and shell telemetry can see the initial foothold, but vulnerability scanners cannot infer whether an attacker has this prerequisite.

STEP 02

Reach the RDS zerocopy path

The exploit path requires the PF_RDS / AF_RDS socket family and the vulnerable RDS code to be present and reachable. The public PinTheft discussion notes that many common distro installs do not expose this cleanly: Fedora, for example, packages rds in kernel-modules-extra and blacklists it by default in the cited thread.

Conditions required:

CONFIG_RDS=y or CONFIG_RDS=m with the module available
The rds module loaded or loadable
Attacker can create RDS sockets and hit the zerocopy send logic

Where this breaks in practice:

RDS is a niche subsystem compared with core networking or filesystem paths
Many enterprise hosts never load rds at all
Blacklisting or packaging separation cuts reachable population further

Detection/coverage: Config auditing can check CONFIG_RDS, module presence, and blacklist state; runtime scanners usually only catch kernel version, not practical reachability.

STEP 03

Trigger the refcount bug with PinTheft-style primitives

The bug is triggered by causing iov_iter_get_pages2() to fail after some pages were already pinned during rds_message_zcopy_from_user(). Because op_nents is left live, later cleanup drops pages again. The published PinTheft chain uses io_uring fixed buffers to turn the stale-page state into a controlled page-cache overwrite path.

Conditions required:

Ability to issue crafted sendmsg() calls against an RDS socket
Kernel behavior that lets the attacker reproduce the page-pin failure path
Useful local primitives such as io_uring fixed buffers for weaponization

Where this breaks in practice:

Turning the bug into reliable LPE is harder than proving a crash
Exploit reliability can vary by kernel build, hardening, and workload mix

Detection/coverage: Behavioral telemetry may catch unusual io_uring plus AF_RDS activity, but generic network IDS/WAF tooling is blind to this chain.

STEP 04

Overwrite privileged page cache and pop root

In the public chain, the freed page is reclaimed as page cache for a SUID-root binary, then overwritten via the stale fixed-buffer pointer. Executing the modified SUID target yields a root shell. At that point the attacker owns the node and can disable defenses, dump secrets, and pivot further.

Conditions required:

A successful reclaim/overwrite sequence
A useful privileged executable or equivalent local privilege boundary to cross

Where this breaks in practice:

Modern hardening and workload isolation can make the last stage less deterministic
Even with a PoC, not every vulnerable kernel build is equally exploitable

Detection/coverage: FIM, EDR, and auditd may see anomalous SUID execution or page-cache abuse aftermath, but prevention is better than post-fact for this step.

03 · Intelligence Metadata

The supporting signals.

In-the-wild status	No public campaign evidence reviewed, and not in CISA KEV during this assessment.
Public exploit / PoC	Yes. The `PinTheft` disclosure on `oss-security` describes a public PoC that chains the RDS bug with `io_uring` fixed buffers to reach root.
EPSS	`0.00013` from the user-supplied intel block — extremely weak near-term exploitation signal compared with internet-facing bugs.
KEV status	Not KEV-listed; that matters because CISA's catalog is the clearest public signal of confirmed in-the-wild exploitation pressure.
CVSS vector meaning	`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` means low-priv local attacker to full host impact if the chain is reachable.
Affected versions	OSV lists `4.17.0` to `<6.6.141`, `6.7.0` to `<6.12.91`, `6.13.0` to `<6.18.33`, and `6.19.0` to `<7.0.10`.
Fixed versions	Mainline/stable fixes are `6.6.141`, `6.12.91`, `6.18.33`, and `7.0.10`. Debian `trixie` shows a fix in `linux 6.12.90-2`; SUSE was still Pending / In progress in reviewed tracking.
Reachability reality	This is not internet-scannable. Real exposure hinges on local foothold plus `rds` availability; the oss-security discussion explicitly notes some distros package or blacklist the module by default.
Disclosure date	`2026-05-21`.
Researcher / reporting org	Aaron Esau / V12 security in the `PinTheft` thread referenced by the kernel CVE announcement.

04 · The Call

noisgate verdict.

Final Verdict

↓ DOWNGRADED to MEDIUM (5.8/10)

The decisive factor is attacker position: this is a local, post-compromise privilege escalation, not an initial-access bug. The second major brake is reachable population — exploitation sits behind the niche RDS zerocopy path, and many enterprise systems never load or even ship rds in the default install path.

HIGH Technical impact once the vulnerable path is reachable

MEDIUM Real-world fleet exposure, because distro packaging and blacklist state vary

MEDIUM Exploitability at scale across mixed enterprise Linux estates

Why this verdict

Downgrade for attacker position: vendor 7.8 assumes a low-priv local attacker already exists on the host. That means this CVE is mostly a *post-compromise amplifier*, not a first-entry risk.
Downgrade for reachable population: the bug lives in the net/rds zerocopy send path, not a mainstream kernel path every workload hits. If rds is absent, never loaded, or blacklisted, the practical attack surface collapses.
Partial upgrade for exploit maturity: a public PinTheft PoC shows this is not just a crash or theoretical refcount bug; it can be driven to root when the environment lines up.
Downgrade for threat evidence: no KEV listing, no reviewed public campaign evidence, and a very low EPSS all argue against emergency fleet-wide treatment.

Why not higher?

Because every serious step in the chain narrows the blast radius. The attacker needs local execution first, then a host where RDS is actually reachable, then enough exploit reliability to convert a kernel memory-management bug into root; that is materially different from an unauthenticated remote or broadly exposed kernel flaw.

Why not lower?

Because the end state is still root on the host, and public weaponization exists. On shared Linux systems, CI runners, multi-user bastions, and dense container nodes, a local LPE with a public chain is not housekeeping noise.

05 · Compensating Control

What to do — in priority order.

Blacklist or unload rds — If your workloads do not use RDS, remove the reachable attack surface by blacklisting rds and unloading it where operationally safe. For a MEDIUM verdict there is no mitigation SLA — apply this opportunistically on higher-risk shared hosts, then complete vendor patching within the 365-day remediation window.
Block AF_RDS and risky local primitives for untrusted workloads — Use seccomp, container runtime policies, LSMs, or host hardening to deny AF_RDS socket creation and restrict io_uring where that fits your platform model. There is no mitigation SLA for MEDIUM, so treat this as targeted risk reduction on developer workstations, CI, VDI, and multi-tenant nodes.
Prioritize shared-user and container-dense Linux nodes — The business risk is much higher where low-privileged users or untrusted code already coexist on the same kernel. There is no mitigation SLA for MEDIUM, but these systems deserve earlier patch sequencing inside the 365-day remediation window.

What doesn't work

Perimeter controls like WAF, IDS, or email filtering do nothing for the vulnerability itself; this is a local kernel exploit path.
Internet exposure management platforms do not meaningfully prioritize this CVE; there is no remotely exposed service to fingerprint.
Assuming rds is harmless because it is not currently loaded can be misleading if the module is still installed and loadable by normal kernel auto-loading paths.

06 · Verification

Crowdsourced verification payload.

Run this on the target Linux host as a local auditor or via your fleet agent. Invoke it with bash cve-2026-43494-check.sh; root is not strictly required, but root improves access to kernel config files and module state. The script reports VULNERABLE, PATCHED, or UNKNOWN and is conservative around distro backports.

noisgate-verify.sh

BASHREAD-ONLYSAFE

#!/usr/bin/env bash
# CVE-2026-43494 exposure check
# Outputs: VULNERABLE / PATCHED / UNKNOWN
# Exit codes: 0=PATCHED, 1=VULNERABLE, 2=UNKNOWN
set -euo pipefail

KVER="$(uname -r)"
BASE="${KVER%%-*}"
SUFFIX="${KVER#${BASE}}"
STATUS="UNKNOWN"
REASON=""

ver_lt() {
  [ "$1" != "$2" ] && [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

ver_ge() {
  [ "$1" = "$2" ] || ! ver_lt "$1" "$2"
}

in_range() {
  local v="$1" lo="$2" hi="$3"
  ver_ge "$v" "$lo" && ver_lt "$v" "$hi"
}

is_affected_upstream() {
  local v="$1"
  in_range "$v" "4.17.0" "6.6.141" || \
  in_range "$v" "6.7.0" "6.12.91" || \
  in_range "$v" "6.13.0" "6.18.33" || \
  in_range "$v" "6.19.0" "7.0.10"
}

CFG_LINE=""
if [ -r "/proc/config.gz" ] && command -v zgrep >/dev/null 2>&1; then
  CFG_LINE="$(zgrep '^CONFIG_RDS=' /proc/config.gz 2>/dev/null || true)"
elif [ -r "/boot/config-${KVER}" ]; then
  CFG_LINE="$(grep '^CONFIG_RDS=' "/boot/config-${KVER}" 2>/dev/null || true)"
fi

RDS_CFG="unknown"
case "$CFG_LINE" in
  CONFIG_RDS=y) RDS_CFG="built-in" ;;
  CONFIG_RDS=m) RDS_CFG="module" ;;
  CONFIG_RDS=n|"") RDS_CFG="absent" ;;
  *) RDS_CFG="unknown" ;;
esac

RDS_LOADED="no"
if command -v lsmod >/dev/null 2>&1 && lsmod | awk '{print $1}' | grep -qx 'rds'; then
  RDS_LOADED="yes"
fi

RDS_PRESENT="no"
if [ "$RDS_CFG" = "built-in" ] || [ "$RDS_CFG" = "module" ]; then
  RDS_PRESENT="yes"
elif command -v modinfo >/dev/null 2>&1 && modinfo rds >/dev/null 2>&1; then
  RDS_PRESENT="yes"
fi

BLACKLISTED="no"
if grep -RqsE '^[[:space:]]*blacklist[[:space:]]+rds([[:space:]]|$)' /etc/modprobe.d /usr/lib/modprobe.d /lib/modprobe.d 2>/dev/null; then
  BLACKLISTED="yes"
fi

if [ "$RDS_CFG" = "absent" ] || { [ "$RDS_PRESENT" = "no" ] && [ "$RDS_LOADED" = "no" ]; }; then
  STATUS="PATCHED"
  REASON="RDS support not present on this host; vulnerable subsystem is not reachable here."
elif ! is_affected_upstream "$BASE"; then
  STATUS="PATCHED"
  REASON="Kernel base version ${BASE} is outside the published upstream affected ranges."
else
  # Distro kernels often backport fixes without changing the base version.
  if [ -n "$SUFFIX" ]; then
    if [ "$BLACKLISTED" = "yes" ] && [ "$RDS_LOADED" = "no" ]; then
      STATUS="UNKNOWN"
      REASON="Kernel base ${BASE} falls in an affected upstream range, but this appears to be a distro kernel with possible backports; RDS is blacklisted and not loaded, so current risk is mitigated but patch state is not provable offline."
    else
      STATUS="UNKNOWN"
      REASON="Kernel base ${BASE} falls in an affected upstream range, but distro backports cannot be validated from uname alone. Check vendor advisory/package changelog for CVE-2026-43494."
    fi
  else
    if [ "$BLACKLISTED" = "yes" ] && [ "$RDS_LOADED" = "no" ]; then
      STATUS="UNKNOWN"
      REASON="Mainline-style kernel base ${BASE} is in an affected range, but RDS is currently blacklisted and not loaded; host is mitigated, patch state still unknown."
    else
      STATUS="VULNERABLE"
      REASON="Mainline-style kernel base ${BASE} is in a published affected range and RDS is present/reachable."
    fi
  fi
fi

echo "${STATUS}: ${REASON}"
case "$STATUS" in
  PATCHED) exit 0 ;;
  VULNERABLE) exit 1 ;;
  *) exit 2 ;;
esac

07 · Bottom Line

If you remember one thing.

TL;DR

Monday morning, do not treat this like an all-hands internet edge event. First, inventory Linux hosts where rds is present, loaded, or allowed to load, and push those systems — especially shared-user servers, CI runners, developer workstations, and container-dense nodes — to the front of your kernel patch queue; for this MEDIUM verdict there is no noisgate mitigation SLA — go straight to the 365-day remediation window for the general fleet. If you need immediate risk reduction on higher-risk shared hosts, disable or blacklist rds in the next maintenance cycle, then complete vendor kernel patching within the noisgate remediation SLA of ≤365 days.

Sources

Peer Review

What defenders are saying.

Submit a review attribution: handle + country only

0 flags selected · stored anonymously

Validation Results

Crowdsourced verification outputs.

Results submitted by users who ran the verification payload against their environment.