Description

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential underflow in virtio_transport_get_credit() The credit calculation in virtio_transport_get_credit() uses unsigned arithmetic: ret = vvs->peer_buf_alloc - (vvs->tx_cnt - vvs->peer_fwd_cnt); If the peer shrinks its advertised buffer (peer_buf_alloc) while bytes are in flight, the subtraction can underflow and produce a large positive value, potentially allowing more data to be queued than the peer can handle. Reuse virtio_transport_has_space() which already handles this case and add a comment to make it clear why we are doing that. [Stefano: use virtio_transport_has_space() instead of duplicating the code] [Stefano: tweak the commit message]

INFO

Published Date :

2026-02-04T16:07:49.911Z

Last Modified :

2026-02-09T08:38:08.392Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2026-23069 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23069.

URL Resource
https://git.kernel.org/stable/c/02f9af192b98d15883c70dd41ac76d1b0217c899 cve-icon cve-icon
https://git.kernel.org/stable/c/3ef3d52a1a9860d094395c7a3e593f3aa26ff012 cve-icon cve-icon
https://git.kernel.org/stable/c/d05bc313788f0684b27f0f5b60c52a844669b542 cve-icon cve-icon
https://git.kernel.org/stable/c/d96de882d6b99955604669d962ae14e94b66a551 cve-icon cve-icon
https://git.kernel.org/stable/c/ec0f1b3da8061be3173d1c39faaf9504f91942c3 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026020417-CVE-2026-23069-d026@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-23069 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-23069 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact