PatchSiren

CVE-2026-46207 Linux CVE debrief

A vulnerability in the Linux kernel's virtio-vsock transport layer could cause uninitialized data to be delivered to the vsockmon monitoring interface when handling non-linear socket buffers (skbs). The issue stems from virtio_transport_build_skb() failing to properly initialize iov_iter.count when copying payload data for non-linear buffers, resulting in zero bytes copied and leaving monitor tap data uninitialized. The fix consolidates linear and non-linear handling paths using skb_copy_datagram_iter() with iov_iter_kvec(), matching the approach already used by vhost-vsock. This vulnerability affects kernel-based virtual machine (KVM) environments utilizing virtio-vsock for host-guest communication. The fix has been applied to multiple stable kernel branches.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-28
Original CVE updated: 2026-05-28
Advisory published: 2026-05-28
Advisory updated: 2026-05-28

Who should care

Organizations running Linux-based virtualization infrastructure using KVM with virtio-vsock enabled, particularly those utilizing the vsockmon monitoring interface for debugging or security monitoring of host-guest socket communications.

Technical summary

The virtio_transport_build_skb() function in the Linux kernel's virtio-vsock transport incorrectly handles non-linear skbs when building packets for the vsockmon tap device. The function uses virtio_transport_copy_nonlinear_skb() which initializes an iov_iter without setting iov_iter.count, leaving it at zero due to zero-initialization. This causes no payload data to be copied to the monitor skb, resulting in uninitialized memory being exposed to the monitoring interface. The vulnerability is resolved by removing the separate linear/non-linear code paths and using skb_copy_datagram_iter() with iov_iter_kvec() for all cases, which properly initializes the iterator and handles both buffer types correctly. The fix also adds proper error checking for skb_copy_datagram_iter() return values.
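
The mechanism described above, as a userspace C model. This is an added example, not kernel code and not taken from the fix commit: it shows why an iterator whose count stays at zero copies nothing and leaves the destination buffer with its previous contents. The names frag, model_iter, model_copy, build_buggy, build_fixed and stale_after are hypothetical, and the 0xAA fill and the payload are constructed.

```c
#include <stdio.h>
#include <string.h>

#define POISON 0xAA  /* constructed stand-in for stale allocator contents */
struct frag { const unsigned char *data; size_t len; };  /* one piece of a non-linear payload */
struct model_iter { unsigned char *dst; size_t seg_len; size_t count; };  /* hypothetical iov_iter stand-in */

/* Model of an iterator-driven copy: it never writes more than it->count bytes. */
static size_t model_copy(const struct frag *f, size_t nf, struct model_iter *it)
{
    size_t done = 0;
    for (size_t i = 0; i < nf && it->count > 0; i++) {
        size_t n = f[i].len < it->count ? f[i].len : it->count;
        memcpy(it->dst + done, f[i].data, n);
        done += n;
        it->count -= n;
    }
    return done;
}

/* Pre-fix pattern as the page describes it: segment set up, count left at zero. */
static size_t build_buggy(const struct frag *f, size_t nf, unsigned char *dst, size_t len)
{
    struct model_iter it = { 0 };  /* zero-initialised */
    it.dst = dst;
    it.seg_len = len;              /* it.count is never assigned */
    return model_copy(f, nf, &it); /* count == 0, so nothing is copied */
}

/* Post-fix pattern: the initialiser sets count, as iov_iter_kvec() does in the kernel. */
static size_t build_fixed(const struct frag *f, size_t nf, unsigned char *dst, size_t len)
{
    struct model_iter it = { .dst = dst, .seg_len = len, .count = len };
    return model_copy(f, nf, &it);
}

/* Returns how many bytes of the monitor buffer still hold POISON after the build. */
static size_t stale_after(int fixed)
{
    static const unsigned char a[] = "GUEST-", b[] = "PAYLOAD";  /* constructed payload */
    const struct frag f[2] = { { a, 6 }, { b, 7 } };
    unsigned char tap[13];
    size_t stale = 0;
    memset(tap, POISON, sizeof tap);
    if (fixed) build_fixed(f, 2, tap, sizeof tap); else build_buggy(f, 2, tap, sizeof tap);
    for (size_t i = 0; i < sizeof tap; i++) stale += (tap[i] == POISON);
    return stale;
}
int main(void) { printf("buggy=%zu fixed=%zu\n", stale_after(0), stale_after(1)); return 0; }
```

In the model the buggy path reports success-like behaviour (no crash, no error) while every byte handed to the monitor is stale, which is why the missing count is easy to overlook without checking the copy result.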

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates from your Linux distribution that include the fix for CVE-2026-46207
  • Verify virtio-vsock kernel module version matches patched releases in stable branches
  • Monitor vsockmon tap interface output for anomalies if running unpatched kernels with virtio-vsock enabled
  • Review KVM/virtualization host configurations for virtio-vsock usage
  • Schedule maintenance windows for kernel updates on affected virtualization infrastructure

Evidence notes

Vulnerability description confirms uninitialized data exposure in vsockmon tap device for non-linear skbs. Fix commit references indicate backports to stable kernel branches. No CVSS score or severity assigned by NVD at time of disclosure.
