CVE-2026-23069

Source
https://cve.org/CVERecord?id=CVE-2026-23069
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23069.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-23069
Published
2026-02-04T16:07:49.911Z
Modified
2026-03-27T08:59:23.863958662Z
Summary
vsock/virtio: fix potential underflow in virtio_transport_get_credit()
Details

In the Linux kernel, the following vulnerability has been resolved:

vsock/virtio: fix potential underflow in virtio_transport_get_credit()

The credit calculation in virtio_transport_get_credit() uses unsigned arithmetic:

ret = vvs->peer_buf_alloc - (vvs->tx_cnt - vvs->peer_fwd_cnt);

If the peer shrinks its advertised buffer (peer_buf_alloc) while bytes are in flight, the subtraction can underflow and produce a large positive value, potentially allowing more data to be queued than the peer can handle.

Reuse virtio_transport_has_space() which already handles this case and add a comment to make it clear why we are doing that.

[Stefano: use virtio_transport_has_space() instead of duplicating the code]
[Stefano: tweak the commit message]
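
The underflow described above, reproduced in user space as an added example (not kernel code and not taken from the fix). The struct, the function names and the sample values are constructed for illustration, and the 32-bit counter width is an assumption; the clamped variant shows one way to guard the subtraction.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for the counters named in the commit message. */
struct credit_state {
    uint32_t peer_buf_alloc; /* buffer size last advertised by the peer */
    uint32_t tx_cnt;         /* bytes sent so far (free-running counter) */
    uint32_t peer_fwd_cnt;   /* bytes the peer has consumed (free-running) */
};

/* Unguarded pattern: all-unsigned, so a negative result wraps around. */
static uint32_t credit_unsigned(const struct credit_state *s)
{
    return s->peer_buf_alloc - (s->tx_cnt - s->peer_fwd_cnt);
}

/* Guarded pattern: keep the in-flight count in u32 so counter wraparound
 * still works, take the difference in signed 64-bit, clamp at zero. */
static uint32_t credit_clamped(const struct credit_state *s)
{
    uint32_t in_flight = s->tx_cnt - s->peer_fwd_cnt;
    int64_t space = (int64_t)s->peer_buf_alloc - (int64_t)in_flight;
    return space < 0 ? 0 : (uint32_t)space;
}

/* A sender asking for `wanted` bytes gets at most `available`. */
static uint32_t grant(uint32_t wanted, uint32_t available)
{
    return wanted < available ? wanted : available;
}

int main(void)
{
    /* Constructed scenario: 64 KiB advertised, 48 KiB in flight. */
    struct credit_state s = { 65536, 49152, 0 };
    printf("before shrink: unsigned=%" PRIu32 " clamped=%" PRIu32 "\n",
           credit_unsigned(&s), credit_clamped(&s));

    s.peer_buf_alloc = 16384; /* peer shrinks its buffer below in-flight */
    printf("after shrink:  unsigned=%" PRIu32 " clamped=%" PRIu32 "\n",
           credit_unsigned(&s), credit_clamped(&s));
    printf("4 KiB request granted: unsigned=%" PRIu32 " clamped=%" PRIu32 "\n",
           grant(4096, credit_unsigned(&s)), grant(4096, credit_clamped(&s)));
    return 0;
}
```
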

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23069.json",
    "cna_assigner": "Linux"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
06a8fc78367d070720af960dcecec917d3ae5f3b
Fixed
d96de882d6b99955604669d962ae14e94b66a551
Fixed
02f9af192b98d15883c70dd41ac76d1b0217c899
Fixed
d05bc313788f0684b27f0f5b60c52a844669b542
Fixed
ec0f1b3da8061be3173d1c39faaf9504f91942c3
Fixed
3ef3d52a1a9860d094395c7a3e593f3aa26ff012

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23069.json"