You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
zero-copy page pinning
About this tag
Zero-copy page pinning is a kernel memory management technique used in networking subsystems like Linux Reliable Datagram Sockets (RDS). It allows data to be transferred directly between user space and network buffers without copying, improving performance. However, a failed zero-copy page-pin operation can leave stale accounting state, leading to a double-free vulnerability. This issue is tracked as CVE-2026-43494 and is associated with a local privilege-escalation technique called PinTheft. The vulnerability affects Linux servers, WSL-adjacent development environments, and containers. Mitigations include applying kernel patches and monitoring for unusual memory or network behavior. Administrators should prioritize updates to prevent exploitation.
CVE-2026-43494 is a newly published Linux kernel vulnerability, disclosed through NVD on May 21, 2026, in the Reliable Datagram Sockets networking code, where a failed zero-copy page-pin operation can leave stale accounting state and trigger a later double free. The bug is narrow in the way only...