Description
In the Linux kernel, the following vulnerability has been resolved:

vsock: fix buffer size clamping order

In vsock_update_buffer_size(), the buffer size was being clamped to the
maximum first, and then to the minimum. If a user sets a minimum buffer
size larger than the maximum, the minimum check overrides the maximum
check, inverting the constraint.

This breaks the intended socket memory boundaries by allowing the
vsk->buffer_size to grow beyond the configured vsk->buffer_max_size.

Fix this by checking the minimum first, and then the maximum. This
ensures the buffer size never exceeds the buffer_max_size.
Published: 2026-05-28
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel suffers from a bug in the vsock subsystem where the buffer size clamping logic incorrectly applies the maximum constraint after the minimum constraint. When a user specifies a minimum buffer size larger than the configured maximum, the exceeding minimum silently overrides the maximum, allowing the socket buffer to grow beyond the allowed maximum. This violation can cause the socket memory to exceed intended boundaries and potentially exhaust memory or trigger undefined behavior. The primary risk is a denial of service on the host system.

Affected Systems

The affected kernel is any Linux kernel that includes the vsock implementation and has not applied the fix referenced in the Git commit logs. The Common Platform Enumeration string indicates all variants of the Linux kernel. The specific kernel versions impacted are not enumerated in the input, so any release that predates the commit that implements the fix is potentially vulnerable.

Risk and Exploitability

The EPSS score is not available, and the vulnerability is not currently listed in the CISA KEV catalog. The CVSS score is not provided, so the severity cannot be quantified from the data. The exploit route is unclear from the description, but the logic flaw requires control over the vsock buffer size settings, implying a local or privileged user context; however the impact of exceeding the buffer size could affect system stability. In the absence of a public exploit, the risk is primarily theoretical until demonstrated; administrators should consider the potential for denial of service in environments that rely on versus sockets.

Generated by OpenCVE AI on May 28, 2026 at 12:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to the latest stable release that incorporates the commit fixing the clamping logic.
  • If an immediate kernel replacement is infeasible, consider disabling vsock functionality or restricting buffer size configuration to values below the maximum via sysctl or application logic.
  • Monitor kernel memory usage and socket buffer allocations for anomalous growth, using tools like top or the vsock subsystem statistics.

Generated by OpenCVE AI on May 28, 2026 at 12:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 28 May 2026 12:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsock_update_buffer_size(), the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets a minimum buffer size larger than the maximum, the minimum check overrides the maximum check, inverting the constraint. This breaks the intended socket memory boundaries by allowing the vsk->buffer_size to grow beyond the configured vsk->buffer_max_size. Fix this by checking the minimum first, and then the maximum. This ensures the buffer size never exceeds the buffer_max_size.
Title vsock: fix buffer size clamping order
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-28T09:40:58.373Z

Reserved: 2026-05-13T15:03:33.106Z

Link: CVE-2026-46234

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-28T10:16:39.043

Modified: 2026-05-28T10:16:39.043

Link: CVE-2026-46234

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T12:30:16Z

Weaknesses