CVE Catalog

CVE-2026-46214

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

2th percentile - higher than 2% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel related to the leak of the accepted connection count on transport mismatch. The issue occurs when the vsock_assign_transport() function fails or selects a different transport, leading to a permanent increment of sk_ack_backlog.

Risk Assessment

This vulnerability may lead to the rejection of all new connections after exceeding a certain number of failures, potentially impacting the availability of services on the system.

Recommendation

It is recommended to update the Linux kernel to the latest version where this issue has been fixed.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix accept queue count leak on transport mismatch virtio_transport_recv_listen() calls sk_acceptq_added() before vsock_assign_transport(). If vsock_assign_transport() fails or selects a different transport, the error path returns without calling sk_acceptq_removed(), permanently incrementing sk_ack_backlog. After approximately backlog+1 such failures, sk_acceptq_is_full() returns true, causing the listener to reject all new connections. Fix by moving sk_acceptq_added() to after the transport validation, matching the pattern used by vmci_transport and hyperv_transport.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS