CVE-2026-23069
vsock/virtio: fix potential underflow in virtio_transport_get_credit()
Description
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential underflow in virtio_transport_get_credit() The credit calculation in virtio_transport_get_credit() uses unsigned arithmetic: ret = vvs->peer_buf_alloc - (vvs->tx_cnt - vvs->peer_fwd_cnt); If the peer shrinks its advertised buffer (peer_buf_alloc) while bytes are in flight, the subtraction can underflow and produce a large positive value, potentially allowing more data to be queued than the peer can handle. Reuse virtio_transport_has_space() which already handles this case and add a comment to make it clear why we are doing that. [Stefano: use virtio_transport_has_space() instead of duplicating the code] [Stefano: tweak the commit message]
INFO
Published Date :
Feb. 4, 2026, 5:16 p.m.
Last Modified :
March 13, 2026, 9:27 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | MEDIUM | [email protected] |
Solution
- Apply the provided patch to fix the credit calculation.
- Update the Linux kernel to the latest secure version.
- Ensure proper handling of peer buffer advertisements.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-23069.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-23069 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-23069
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-23069 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2026-23069 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Mar. 13, 2026
Action Type Old Value New Value Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Added CWE CWE-191 Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.122 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.12.68 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.13 up to (excluding) 6.18.8 *cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.8 up to (excluding) 6.1.162 Added Reference Type kernel.org: https://git.kernel.org/stable/c/02f9af192b98d15883c70dd41ac76d1b0217c899 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/3ef3d52a1a9860d094395c7a3e593f3aa26ff012 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/d05bc313788f0684b27f0f5b60c52a844669b542 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/d96de882d6b99955604669d962ae14e94b66a551 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/ec0f1b3da8061be3173d1c39faaf9504f91942c3 Types: Patch -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Feb. 06, 2026
Action Type Old Value New Value Added Reference https://git.kernel.org/stable/c/d96de882d6b99955604669d962ae14e94b66a551 -
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Feb. 04, 2026
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential underflow in virtio_transport_get_credit() The credit calculation in virtio_transport_get_credit() uses unsigned arithmetic: ret = vvs->peer_buf_alloc - (vvs->tx_cnt - vvs->peer_fwd_cnt); If the peer shrinks its advertised buffer (peer_buf_alloc) while bytes are in flight, the subtraction can underflow and produce a large positive value, potentially allowing more data to be queued than the peer can handle. Reuse virtio_transport_has_space() which already handles this case and add a comment to make it clear why we are doing that. [Stefano: use virtio_transport_has_space() instead of duplicating the code] [Stefano: tweak the commit message] Added Reference https://git.kernel.org/stable/c/02f9af192b98d15883c70dd41ac76d1b0217c899 Added Reference https://git.kernel.org/stable/c/3ef3d52a1a9860d094395c7a3e593f3aa26ff012 Added Reference https://git.kernel.org/stable/c/d05bc313788f0684b27f0f5b60c52a844669b542 Added Reference https://git.kernel.org/stable/c/ec0f1b3da8061be3173d1c39faaf9504f91942c3