CVE-2026-52994

Source
https://cve.org/CVERecord?id=CVE-2026-52994
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52994.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-52994
Downstream
Published
2026-06-24T16:29:07.360Z
Modified
2026-07-12T03:55:21.444519952Z
Summary
vsock/virtio: fix MSG_ZEROCOPY pinned-pages accounting
Details

In the Linux kernel, the following vulnerability has been resolved:

vsock/virtio: fix MSG_ZEROCOPY pinned-pages accounting

virtiotransportinitzcopyskb() uses iter->count as the size argument for msgzerocopyrealloc(), which in turn passes it to mmaccountpinnedpages() for RLIMITMEMLOCK accounting. However, this function is called after virtiotransportfill_skb() has already consumed the iterator via __zerocopysgfromiter(), so on the last skb, iter->count will be 0, skipping the RLIMITMEMLOCK enforcement.

Pass pktlen (the total bytes being sent) as an explicit parameter to virtiotransportinitzcopy_skb() instead of reading the already-consumed iter->count.

This matches TCP and UDP, which both call msgzerocopyrealloc() with the original message size.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/52xxx/CVE-2026-52994.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
581512a6dc939ef122e49336626ae159f3b8a345
Fixed
6af1736b5810bc8a4a43a8518530113f5a757dc1
Fixed
d0117950075f0a9d5944980784c719d8ebcd4bff
Fixed
1cb36e252211506f51095fe7ced8286cc77b4c80

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52994.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.18.33
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52994.json"