CVE-2026-46234
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel within the vsock_update_buffer_size() function, allowing the buffer size to exceed the maximum limit. The issue stemmed from an incorrect order of checking minimum and maximum values, potentially violating socket memory boundaries.
Risk Assessment
Violating socket memory boundaries may lead to unpredictable system behavior, posing risks to the stability and security of applications utilizing virtual sockets.
Recommendation
It is recommended to update the Linux kernel to the latest version to apply the fix that corrects the order of buffer size checks.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsock_update_buffer_size(), the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets a minimum buffer size larger than the maximum, the minimum check overrides the maximum check, inverting the constraint. This breaks the intended socket memory boundaries by allowing the vsk->buffer_size to grow beyond the configured vsk->buffer_max_size. Fix this by checking the minimum first, and then the maximum. This ensures the buffer size never exceeds the buffer_max_size.

