NVD

CVE-2026-52994 Detail

Received

This CVE record has recently been published to the CVE List and has been included within the NVD dataset.

Description

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix MSG_ZEROCOPY pinned-pages accounting virtio_transport_init_zcopy_skb() uses iter->count as the size argument for msg_zerocopy_realloc(), which in turn passes it to mm_account_pinned_pages() for RLIMIT_MEMLOCK accounting. However, this function is called after virtio_transport_fill_skb() has already consumed the iterator via __zerocopy_sg_from_iter(), so on the last skb, iter->count will be 0, skipping the RLIMIT_MEMLOCK enforcement. Pass pkt_len (the total bytes being sent) as an explicit parameter to virtio_transport_init_zcopy_skb() instead of reading the already-consumed iter->count. This matches TCP and UDP, which both call msg_zerocopy_realloc() with the original message size.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
https://git.kernel.org/stable/c/1cb36e252211506f51095fe7ced8286cc77b4c80	kernel.org
https://git.kernel.org/stable/c/6af1736b5810bc8a4a43a8518530113f5a757dc1	kernel.org
https://git.kernel.org/stable/c/d0117950075f0a9d5944980784c719d8ebcd4bff	kernel.org

Weakness Enumeration

CWE-ID	CWE Name	Source

Change History

1 change records found show changes

New CVE Received from kernel.org 6/24/2026 1:17:10 PM

Action	Type	New Value
Added	Description	In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix MSG_ZEROCOPY pinned-pages accounting virtio_transport_init_zcopy_skb() uses iter->count as the size argument for msg_zerocopy_realloc(), which in turn passes it to mm_account_pinned_pages() for RLIMIT_MEMLOCK accounting. However, this function is called after virtio_transport_fill_skb() has already consumed the iterator via __zerocopy_sg_from_iter(), so on the last skb, iter->count will be 0, skipping the RLIMIT_MEMLOCK enforcement. Pass pkt_len (the total bytes being sent) as an explicit parameter to virtio_transport_init_zcopy_skb() instead of reading the already-consumed iter->count. This matches TCP and UDP, which both call msg_zerocopy_realloc() with the original message size.
Added	Reference	https://git.kernel.org/stable/c/1cb36e252211506f51095fe7ced8286cc77b4c80
Added	Reference	https://git.kernel.org/stable/c/6af1736b5810bc8a4a43a8518530113f5a757dc1
Added	Reference	https://git.kernel.org/stable/c/d0117950075f0a9d5944980784c719d8ebcd4bff
Added	Affected	[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/vmw_vsock/virtio_transport_common.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"581512a6dc939ef122e49336626ae159f3b8a345","lessThan":"6af1736b5810bc8a4a43a8518530113f5a757dc1","versionType":"git","status":"affected"},{"version":"581512a6dc939ef122e49336626ae159f3b8a345","lessThan":"d0117950075f0a9d5944980784c719d8ebcd4bff","versionType":"git","status":"affected"},{"version":"581512a6dc939ef122e49336626ae159f3b8a345","lessThan":"1cb36e252211506f51095fe7ced8286cc77b4c80","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/vmw_vsock/virtio_transport_common.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.7","status":"affected"},{"version":"0","lessThan":"6.7","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]

Quick Info

CVE Dictionary Entry:
CVE-2026-52994
NVD Published Date:
06/24/2026
NVD Last Modified:
06/24/2026
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2026-52994 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Change History

New CVE Received from kernel.org 6/24/2026 1:17:10 PM

Quick Info