CVE-2026-46234
Buffer Size Clamping Order Issue in Linux Kernel
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's vsock component, specifically in the function vsock_update_buffer_size(). The issue arises because the buffer size was clamped incorrectly: the code first limited the buffer size to a maximum value and then to a minimum value. If a user sets the minimum buffer size larger than the maximum, the minimum check overrides the maximum, causing the buffer size to exceed the intended maximum limit.
This behavior breaks the intended socket memory boundaries by allowing the buffer size to grow beyond the configured maximum size. The fix involves changing the order of checks to clamp the buffer size to the minimum first and then to the maximum, ensuring the buffer size never exceeds the maximum allowed.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing the buffer size in the vsock socket to grow beyond its configured maximum limit. This could potentially lead to excessive memory usage or resource exhaustion in the kernel, which might affect system stability or performance.