CVE-2026-23086: In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: cap TX credit to local buffer size
Summary
A vulnerability in the Linux kernel's virtio vsock transport allowed a malicious remote peer to force excessive memory allocation by advertising a large buffer size and then reading slowly, potentially causing the host to run out of memory. The fix introduces a helper function, virtio_transport_tx_buf_size(), that limits TX credit (the amount of sent data a connection may hold in flight, i.e. queued but not yet consumed by the peer) to the minimum of the peer's advertised buffer and the local system's own buffer size, so that one endpoint cannot force another to queue more data than its own configuration allows.
Solution / Mitigation
Introduce virtio_transport_tx_buf_size() helper that returns min(peer_buf_alloc, buf_alloc) and use it wherever peer_buf_alloc is consumed. This ensures the effective TX window is bounded by both the peer's advertised buffer and the local buf_alloc (clamped to buffer_max_size via SO_VM_SOCKETS_BUFFER_MAX_SIZE). The patch is applied to virtio_transport_common.c, affecting virtio-vsock, vhost-vsock, and loopback transports.
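As an added illustration (not the kernel's code), the following C model shows how bounding the TX window to min(peer_buf_alloc, buf_alloc) limits what a slow-reading peer can make the local side queue; the struct fields and function names are simplified stand-ins for the transport's credit state, and the sizes are constructed for the example.

```c
#include <stdint.h>

/* Simplified model of per-socket credit state (constructed, not kernel code). */
struct vsock_credit {
    uint32_t buf_alloc;      /* local buffer size (SO_VM_SOCKETS_BUFFER_SIZE) */
    uint32_t peer_buf_alloc; /* buffer size advertised by the remote peer */
    uint32_t tx_cnt;         /* bytes sent so far */
    uint32_t peer_fwd_cnt;   /* bytes the peer reports having consumed */
};

/* Effective TX window after the fix: min(peer_buf_alloc, buf_alloc). */
uint32_t tx_buf_size(const struct vsock_credit *c)
{
    return c->peer_buf_alloc < c->buf_alloc ? c->peer_buf_alloc : c->buf_alloc;
}

/* Credit still available to send within a given window. */
uint32_t credit_left(const struct vsock_credit *c, uint32_t window)
{
    uint32_t in_flight = c->tx_cnt - c->peer_fwd_cnt;
    return in_flight >= window ? 0 : window - in_flight;
}

/* Pre-fix behaviour: the window is whatever the peer advertised. */
uint32_t credit_unbounded(const struct vsock_credit *c)
{
    return credit_left(c, c->peer_buf_alloc);
}

/* Post-fix behaviour: the window is also capped by the local buffer size. */
uint32_t credit_capped(const struct vsock_credit *c)
{
    return credit_left(c, tx_buf_size(c));
}

/* Simulate a sender consuming its credit while the peer reads nothing:
 * returns how many bytes get queued before the sender is blocked. */
uint32_t bytes_queued_until_blocked(uint32_t local_buf, uint32_t peer_buf,
                                    uint32_t chunk, int capped)
{
    struct vsock_credit c = { local_buf, peer_buf, 0, 0 };
    uint32_t queued = 0;
    for (;;) {
        uint32_t credit = capped ? credit_capped(&c) : credit_unbounded(&c);
        if (credit == 0)
            return queued;
        uint32_t n = credit < chunk ? credit : chunk;
        c.tx_cnt += n;   /* data handed to the transport, not yet consumed */
        queued += n;
    }
}
```

With a 256 KiB local buffer and a peer advertising 2 GiB, the unbounded path lets 2 GiB pile up before the sender blocks, while the capped path stops at 256 KiB.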
Vulnerability Details
EPSS: 0.0%
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-23086
First tracked: February 15, 2026 at 08:36 PM
Classified by LLM (prompt v3) · confidence: 95%