Buffer Size Mismanagement in Linux Kernel vsock Component
CVE-2026-46234

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 28 May 2026

What is CVE-2026-46234?

A vulnerability in the Linux kernel's vsock implementation allowed buffer sizes to be improperly clamped. Specifically, the ordering of minimum and maximum buffer size checks was incorrect. This flaw permitted user-defined minimum buffer sizes to override maximum boundary conditions, thereby allowing the buffer size to exceed specified limits. The fix implemented corrects the validation order, ensuring that the minimum size is evaluated before the maximum, thus maintaining intended memory constraints and preventing oversized buffer allocations.

Affected Version(s)

Linux b9f2b0ffde0c9b666b2b1672eb468b8f805a9b97

Linux b9f2b0ffde0c9b666b2b1672eb468b8f805a9b97 < 310da27932dd0afe7ce7456dfe1f0814c3301f41

Linux b9f2b0ffde0c9b666b2b1672eb468b8f805a9b97 < 2602f7bb5818e92315feeaeb71d8ce4d5c9ab160

References

https://git.kernel.org/stable/c/a998a7e250bf976539e05a00e...

https://git.kernel.org/stable/c/310da27932dd0afe7ce7456df...

https://git.kernel.org/stable/c/2602f7bb5818e92315feeaeb7...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-46234 Data

JSON