CVE-2026-46234
vsock: fix buffer size clamping order
Description
In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsock_update_buffer_size(), the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets a minimum buffer size larger than the maximum, the minimum check overrides the maximum check, inverting the constraint. This breaks the intended socket memory boundaries by allowing the vsk->buffer_size to grow beyond the configured vsk->buffer_max_size. Fix this by checking the minimum first, and then the maximum. This ensures the buffer size never exceeds the buffer_max_size.
INFO
Published Date :
May 28, 2026, 10:16 a.m.
Last Modified :
June 10, 2026, 9:11 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | HIGH | [email protected] |
Solution
- Update the Linux kernel.
- Apply the patch for vsock buffer size clamping.
- Verify buffer size constraints are correctly enforced.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-46234.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-46234 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-46234
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-46234 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2026-46234 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Jun. 10, 2026
Action Type Old Value New Value Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Added CWE CWE-787 Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.175 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.209 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.140 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.13 up to (excluding) 6.18.32 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.12.90 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.19 up to (excluding) 7.0.9 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.258 Added Reference Type kernel.org: https://git.kernel.org/stable/c/01ef69785dc3162f588a361ab770b1e312800188 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/0b68881501460c3761f196469e1e503218c5e536 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/2602f7bb5818e92315feeaeb71d8ce4d5c9ab160 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/310da27932dd0afe7ce7456dfe1f0814c3301f41 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/a998a7e250bf976539e05a00ec64a81292afecaa Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/caf11dfea5233a69298a1c448bbf8d1639c80536 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/d114bfdc9b76bf93b881e195b7ec957c14227bab Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/f6ec135941d2c1c2dbb87b5ce1783f4f6ac6ccca Types: Patch -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Jun. 01, 2026
Action Type Old Value New Value Added Reference https://git.kernel.org/stable/c/01ef69785dc3162f588a361ab770b1e312800188 Added Reference https://git.kernel.org/stable/c/caf11dfea5233a69298a1c448bbf8d1639c80536 Added Reference https://git.kernel.org/stable/c/f6ec135941d2c1c2dbb87b5ce1783f4f6ac6ccca -
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
May. 28, 2026
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsock_update_buffer_size(), the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets a minimum buffer size larger than the maximum, the minimum check overrides the maximum check, inverting the constraint. This breaks the intended socket memory boundaries by allowing the vsk->buffer_size to grow beyond the configured vsk->buffer_max_size. Fix this by checking the minimum first, and then the maximum. This ensures the buffer size never exceeds the buffer_max_size. Added Reference https://git.kernel.org/stable/c/0b68881501460c3761f196469e1e503218c5e536 Added Reference https://git.kernel.org/stable/c/2602f7bb5818e92315feeaeb71d8ce4d5c9ab160 Added Reference https://git.kernel.org/stable/c/310da27932dd0afe7ce7456dfe1f0814c3301f41 Added Reference https://git.kernel.org/stable/c/a998a7e250bf976539e05a00ec64a81292afecaa Added Reference https://git.kernel.org/stable/c/d114bfdc9b76bf93b881e195b7ec957c14227bab