PT-2026-44330 · Linux · Linux Kernel

Published

2026-05-28

·

Updated

2026-06-10

·

CVE-2026-46207

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description An issue exists in the vsock/virtio component where non-linear skbs (socket buffers) result in an empty payload in the tap skb. The virtio transport build skb() function utilizes virtio transport copy nonlinear skb() to copy the original payload to the vsockmon tap device. However, the iov iter is manually initialized without setting iov iter.count. Because the iov iter is zero-initialized, the copy length remains zero, causing no payload to be copied to the monitor interface and leaving data uninitialized.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-46207
OPENSUSE-SU-2026:10954-1

Affected Products

Linux Kernel