CVE-2026-23057

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains an issue within the vsock/virtio subsystem related to buffer coalescing in the receive queue. Specifically, the code attempts to join a linear skb (socket buffer) with a spare tail room with a small skb, limited by GOOD COPY LEN (defined as 128). The introduction of MSG ZEROCOPY support invalidated the assumption that small skbs would always be linear, leading to data loss and the appending of uninitialized kernel memory to the linear skb in the zerocopy case. Only the loopback-transport is affected. The virtio vsock alloc linear skb() function in virtio vsock rx fill() ensures linear skbs for the G2H virtio-transport rx queue. The H2G vhost-transport may allocate non-linear skbs, but only for sizes not considered for coalescence, as defined by PAGE ALLOC COSTLY ORDER in virtio vsock alloc skb(). The issue is resolved by ensuring that only linear skbs are coalesced, verified by checking skb tailroom(last skb) > 0.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.