Description
In the Linux kernel, the following vulnerability has been resolved:

vsock: fix buffer size clamping order

In vsock_update_buffer_size(), the buffer size was being clamped to the
maximum first, and then to the minimum. If a user sets a minimum buffer
size larger than the maximum, the minimum check overrides the maximum
check, inverting the constraint.

This breaks the intended socket memory boundaries by allowing the
vsk->buffer_size to grow beyond the configured vsk->buffer_max_size.

Fix this by checking the minimum first, and then the maximum. This
ensures the buffer size never exceeds the buffer_max_size.
Published: 2026-05-28
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel, the vsock subsystem contains a bug where the buffer size clamping logic checks the minimum size before the maximum size. When a user specifies a minimum larger than the configured maximum, the minimum check overrides the maximum, allowing the socket buffer to grow beyond the intended limits. This can cause the socket memory to exceed its intended boundary, potentially exhausting system memory or triggering undefined behavior. The vulnerability grants a denial‑of‑service condition on the host system.

Affected Systems

All Linux kernels that include the vsock implementation prior to the commit that applies the corrected clamping logic are affected. The Common Platform Enumeration string indicates all variants of the Linux kernel, and no specific version numbers are enumerated in the advisory; any release that predates the fix is potentially vulnerable.

Risk and Exploitability

The EPSS score is < 1%, indicating a very low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The CVSS score of 7.8 classifies it as high severity. The exploit route requires control over the vsock buffer size settings, implying a local or privileged user context; however the impact of exceeding the buffer size could affect system stability. In the absence of a public exploit, the risk is primarily theoretical until demonstrated; administrators should consider the potential for denial of service in environments that rely on versus sockets.

Generated by OpenCVE AI on June 10, 2026 at 22:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to the latest stable release that incorporates the commit fixing the clamping logic.
  • If an immediate kernel replacement is infeasible, consider disabling vsock functionality or restricting buffer size configuration to values below the maximum via sysctl or application logic.
  • Monitor kernel memory usage and socket buffer allocations for anomalous growth, using tools like top or the vsock subsystem statistics.

Generated by OpenCVE AI on June 10, 2026 at 22:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Mon, 01 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
References

Fri, 29 May 2026 03:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122

Fri, 29 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-179
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Thu, 28 May 2026 12:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsock_update_buffer_size(), the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets a minimum buffer size larger than the maximum, the minimum check overrides the maximum check, inverting the constraint. This breaks the intended socket memory boundaries by allowing the vsk->buffer_size to grow beyond the configured vsk->buffer_max_size. Fix this by checking the minimum first, and then the maximum. This ensures the buffer size never exceeds the buffer_max_size.
Title vsock: fix buffer size clamping order
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T18:04:40.556Z

Reserved: 2026-05-13T15:03:33.106Z

Link: CVE-2026-46234

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-28T10:16:39.043

Modified: 2026-06-10T21:11:26.870

Link: CVE-2026-46234

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-28T00:00:00Z

Links: CVE-2026-46234 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T22:45:27Z

Weaknesses
  • CWE-179

    Incorrect Behavior Order: Early Validation

  • CWE-787

    Out-of-bounds Write