Memory Resource Consumption Issue in Linux Kernel Virtio Transport by a Malicious Guest
CVE-2026-23086
What is CVE-2026-23086?
This vulnerability in the Linux kernel's virtio transport mechanism allows a malicious guest to manipulate the TX credit by advertising an oversized buffer size. The result can be excessive memory allocation on the host, particularly when many guest connections are established. When a guest advertises a large buffer size, the host's system memory can be driven to its limits, potentially causing performance degradation and responsiveness issues. The fix is a patch that enforces a bounded TX window, so that the remote peer cannot coerce the host into queuing more data than the host's own configuration allows. The patch mitigates the risk by limiting the maximum impact on the host's memory management.
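The following added example is a simplified user-space model of the bounded TX window described above. It is not the kernel's code or the actual patch. The struct, field and function names and the 256 KiB / 1000-connection figures are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified per-connection credit state; names are illustrative. */
struct conn {
    uint32_t local_buf; /* buffer size configured on the host side */
    uint32_t peer_buf;  /* buffer size advertised by the guest (untrusted) */
    uint32_t tx_cnt;    /* bytes the host has queued toward the guest */
    uint32_t peer_fwd;  /* bytes the guest reports having consumed */
};

/* Bytes queued but not yet consumed by the peer (free-running counters). */
static uint32_t in_flight(const struct conn *c) { return c->tx_cnt - c->peer_fwd; }

/* Unbounded form: the TX window is whatever the peer advertises. */
static uint32_t credit_unbounded(const struct conn *c)
{
    uint32_t used = in_flight(c);
    return used >= c->peer_buf ? 0 : c->peer_buf - used;
}

/* Bounded form: the TX window never exceeds the host's own buffer size. */
static uint32_t credit_bounded(const struct conn *c)
{
    uint32_t window = c->peer_buf < c->local_buf ? c->peer_buf : c->local_buf;
    uint32_t used = in_flight(c);
    return used >= window ? 0 : window - used;
}

/* Worst-case bytes the host may queue across n idle connections that the peer never drains. */
static uint64_t worst_case_queued(uint32_t n, uint32_t local_buf,
                                  uint32_t peer_buf, int bounded)
{
    struct conn c = { local_buf, peer_buf, 0, 0 };
    return (uint64_t)n * (bounded ? credit_bounded(&c) : credit_unbounded(&c));
}

int main(void)
{
    /* Constructed scenario: 1000 connections, 256 KiB local buffer,
     * guest advertises the largest 32-bit buffer size. */
    uint32_t n = 1000, local = 256 * 1024, peer = UINT32_MAX;
    printf("unbounded: %llu bytes\n",
           (unsigned long long)worst_case_queued(n, local, peer, 0));
    printf("bounded:   %llu bytes\n",
           (unsigned long long)worst_case_queued(n, local, peer, 1));
    return 0;
}
```

With the bound in place, the per-connection ceiling depends only on host configuration, so total exposure scales with the connection count times the local buffer size rather than with a value the guest chooses.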

Affected Version(s)
Linux 06a8fc78367d070720af960dcecec917d3ae5f3b