PT-2026-6156 · Canonical+2 · Ubuntu+2

Stefano · Published 2026-01-01 · Updated 2026-06-16 · CVE-2026-23086

CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel's virtio transports derive the transmission (TX) credit directly from peer_buf_alloc, which is set by the remote endpoint's SO_VM_SOCKETS_BUFFER_SIZE value. A malicious guest can therefore advertise a large buffer size and read data slowly, potentially causing the host to allocate a substantial amount of sk_buff memory. The same issue can occur in the guest if a malicious host is involved, as virtio transports share a common code base.

A proof-of-concept (PoC) on an unpatched Ubuntu 22.04 host with approximately 64 GiB of RAM demonstrated that 32 guest vsock connections, each advertising 2 GiB and reading slowly, increased Slab/SUnreclaim memory usage from around 0.5 GiB to approximately 57 GiB, leading to system instability.

The issue impacts virtio-vsock, vhost-vsock, and loopback, because the change is limited to virtio_transport_common.c, which all three share. The fix introduces a helper function, virtio_transport_tx_buf_size(), to ensure the effective TX window is bounded by both the peer's advertised buffer and the host's own buffer allocation.
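
The effect of bounding the TX window can be seen in a small user-space model. This is an added example, not the kernel's code or the actual patch: the struct, the function names and the 256 KiB local buffer size are assumptions made for illustration, and the result is an upper bound on queued bytes, not a measurement of slab usage.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space model of one vsock connection's TX credit state.
 * Field and function names are illustrative, not the kernel's structures. */
struct conn {
    uint32_t peer_buf_alloc; /* buffer size advertised by the remote peer */
    uint32_t buf_alloc;      /* local buffer size for this socket */
    uint32_t tx_cnt;         /* bytes sent so far (wraps modulo 2^32) */
    uint32_t peer_fwd_cnt;   /* bytes the peer reports having consumed */
};

/* Constructed sample: peer advertises 2 GiB, local buffer is 256 KiB
 * (assumed value), and the slow reader has consumed nothing yet. */
static const struct conn SAMPLE = { 0x80000000u, 256 * 1024, 0, 0 };

/* Unbounded window: trusts whatever the peer advertised. */
static uint32_t tx_window_unbounded(const struct conn *c)
{
    return c->peer_buf_alloc;
}

/* Bounded window: the smaller of the peer's advertisement and the local buffer. */
static uint32_t tx_window_bounded(const struct conn *c)
{
    return c->peer_buf_alloc < c->buf_alloc ? c->peer_buf_alloc : c->buf_alloc;
}

/* Bytes the sender may still queue, given a window and the bytes in flight. */
static uint32_t tx_credit(const struct conn *c, uint32_t window)
{
    uint32_t in_flight = c->tx_cnt - c->peer_fwd_cnt; /* wrap-safe subtraction */
    return in_flight >= window ? 0 : window - in_flight;
}

/* Upper bound on bytes queued for slow readers across n such connections. */
static uint64_t worst_case_queued(const struct conn *c, uint32_t window, unsigned n)
{
    return (uint64_t)tx_credit(c, window) * n;
}

int main(void)
{
    printf("unbounded: %llu bytes\n", (unsigned long long)
           worst_case_queued(&SAMPLE, tx_window_unbounded(&SAMPLE), 32));
    printf("bounded:   %llu bytes\n", (unsigned long long)
           worst_case_queued(&SAMPLE, tx_window_bounded(&SAMPLE), 32));
    return 0;
}
```

With 32 connections the unbounded window permits up to 64 GiB of queued data, while the bounded window caps the same scenario at 8 MiB.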

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.


Related Identifiers

CVE-2026-23086
ECHO-684E-7BD7-EC1E
OESA-2026-1760
OPENSUSE-SU-2026:20416-1
SUSE-SU-2026:0962-1
SUSE-SU-2026:1078-1
SUSE-SU-2026:1081-1
SUSE-SU-2026:20667-1
SUSE-SU-2026:20720-1
SUSE-SU-2026:20838-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
SUSE-SU-2026:20931-1
SUSE-SU-2026:21284-1
USN-8278-1
USN-8278-2
USN-8289-1
USN-8289-2
USN-8296-1
USN-8296-2
USN-8393-1
USN-8440-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu