Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-46214

Summary
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At-28 May, 2026 | 09:40
Updated At-28 May, 2026 | 09:40
Rejected At-
Credits

vsock/virtio: fix accept queue count leak on transport mismatch

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix accept queue count leak on transport mismatch virtio_transport_recv_listen() calls sk_acceptq_added() before vsock_assign_transport(). If vsock_assign_transport() fails or selects a different transport, the error path returns without calling sk_acceptq_removed(), permanently incrementing sk_ack_backlog. After approximately backlog+1 such failures, sk_acceptq_is_full() returns true, causing the listener to reject all new connections. Fix by moving sk_acceptq_added() to after the transport validation, matching the pattern used by vmci_transport and hyperv_transport.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Linux
Assigner Org ID:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:28 May, 2026 | 09:40
Updated At:28 May, 2026 | 09:40
Rejected At:
▼CVE Numbering Authority (CNA)
vsock/virtio: fix accept queue count leak on transport mismatch

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix accept queue count leak on transport mismatch virtio_transport_recv_listen() calls sk_acceptq_added() before vsock_assign_transport(). If vsock_assign_transport() fails or selects a different transport, the error path returns without calling sk_acceptq_removed(), permanently incrementing sk_ack_backlog. After approximately backlog+1 such failures, sk_acceptq_is_full() returns true, causing the listener to reject all new connections. Fix by moving sk_acceptq_added() to after the transport validation, matching the pattern used by vmci_transport and hyperv_transport.

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/vmw_vsock/virtio_transport_common.c
Default Status
unaffected
Versions
Affected
  • From c0cfa2d8a788fcf45df5bf4070ab2474c88d543a before 65c484726e74013a2ec7ba67a34d87760ae8f390 (git)
  • From c0cfa2d8a788fcf45df5bf4070ab2474c88d543a before 29371f3cc83e2a92265b4768014a30b80234112f (git)
  • From c0cfa2d8a788fcf45df5bf4070ab2474c88d543a before e9edf9893cf26d060705c910a9b62d8cc96ed56a (git)
  • From c0cfa2d8a788fcf45df5bf4070ab2474c88d543a before 6d3275fc4ed968938e1d556c344798046776668d (git)
  • From c0cfa2d8a788fcf45df5bf4070ab2474c88d543a before 52bcb57a4e8a0865a76c587c2451906342ae1b2d (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/vmw_vsock/virtio_transport_common.c
Default Status
affected
Versions
Affected
  • 5.5
Unaffected
  • From 0 before 5.5 (semver)
  • From 6.6.140 through 6.6.* (semver)
  • From 6.12.90 through 6.12.* (semver)
  • From 6.18.32 through 6.18.* (semver)
  • From 7.0.9 through 7.0.* (semver)
  • From 7.1-rc1 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/65c484726e74013a2ec7ba67a34d87760ae8f390
N/A
https://git.kernel.org/stable/c/29371f3cc83e2a92265b4768014a30b80234112f
N/A
https://git.kernel.org/stable/c/e9edf9893cf26d060705c910a9b62d8cc96ed56a
N/A
https://git.kernel.org/stable/c/6d3275fc4ed968938e1d556c344798046776668d
N/A
https://git.kernel.org/stable/c/52bcb57a4e8a0865a76c587c2451906342ae1b2d
N/A
Hyperlink: https://git.kernel.org/stable/c/65c484726e74013a2ec7ba67a34d87760ae8f390
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/29371f3cc83e2a92265b4768014a30b80234112f
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/e9edf9893cf26d060705c910a9b62d8cc96ed56a
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/6d3275fc4ed968938e1d556c344798046776668d
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/52bcb57a4e8a0865a76c587c2451906342ae1b2d
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:28 May, 2026 | 10:16
Updated At:28 May, 2026 | 10:16

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix accept queue count leak on transport mismatch virtio_transport_recv_listen() calls sk_acceptq_added() before vsock_assign_transport(). If vsock_assign_transport() fails or selects a different transport, the error path returns without calling sk_acceptq_removed(), permanently incrementing sk_ack_backlog. After approximately backlog+1 such failures, sk_acceptq_is_full() returns true, causing the listener to reject all new connections. Fix by moving sk_acceptq_added() to after the transport validation, matching the pattern used by vmci_transport and hyperv_transport.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
CPE Matches
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://git.kernel.org/stable/c/29371f3cc83e2a92265b4768014a30b80234112f416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
https://git.kernel.org/stable/c/52bcb57a4e8a0865a76c587c2451906342ae1b2d416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
https://git.kernel.org/stable/c/65c484726e74013a2ec7ba67a34d87760ae8f390416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
https://git.kernel.org/stable/c/6d3275fc4ed968938e1d556c344798046776668d416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
https://git.kernel.org/stable/c/e9edf9893cf26d060705c910a9b62d8cc96ed56a416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
Hyperlink: https://git.kernel.org/stable/c/29371f3cc83e2a92265b4768014a30b80234112f
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/52bcb57a4e8a0865a76c587c2451906342ae1b2d
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/65c484726e74013a2ec7ba67a34d87760ae8f390
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/6d3275fc4ed968938e1d556c344798046776668d
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/e9edf9893cf26d060705c910a9b62d8cc96ed56a
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found