CVE-2026-46234
Analyzed Analyzed - Analysis Complete
Buffer Size Clamping Order Issue in Linux Kernel

Publication date: 2026-05-28

Last updated on: 2026-06-10

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsock_update_buffer_size(), the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets a minimum buffer size larger than the maximum, the minimum check overrides the maximum check, inverting the constraint. This breaks the intended socket memory boundaries by allowing the vsk->buffer_size to grow beyond the configured vsk->buffer_max_size. Fix this by checking the minimum first, and then the maximum. This ensures the buffer size never exceeds the buffer_max_size.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-28
Last Modified
2026-06-10
Generated
2026-06-17
AI Q&A
2026-05-28
EPSS Evaluated
2026-06-16
NVD
CVE-2026-46234
EUVD
EUVD-2026-32752
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.16 (inc) to 6.1.175 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.209 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.140 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.32 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.90 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.9 (exc)
linux linux_kernel From 5.5 (inc) to 5.10.258 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's vsock component, specifically in the function vsock_update_buffer_size(). The issue arises because the buffer size was clamped incorrectly: the code first limited the buffer size to a maximum value and then to a minimum value. If a user sets the minimum buffer size larger than the maximum, the minimum check overrides the maximum, causing the buffer size to exceed the intended maximum limit.

This behavior breaks the intended socket memory boundaries by allowing the buffer size to grow beyond the configured maximum size. The fix involves changing the order of checks to clamp the buffer size to the minimum first and then to the maximum, ensuring the buffer size never exceeds the maximum allowed.

Impact Analysis

This vulnerability can impact you by allowing the buffer size in the vsock socket to grow beyond its configured maximum limit. This could potentially lead to excessive memory usage or resource exhaustion in the kernel, which might affect system stability or performance.

Mitigation Strategies

The vulnerability in the Linux kernel related to vsock buffer size clamping has been fixed by changing the order of checks in vsock_update_buffer_size(). To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46234. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart