PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46214 Linux CVE debrief

A logic error in the Linux kernel's virtio vsock transport causes the accept queue backlog counter to leak when transport assignment fails or selects a non-virtio transport. The vulnerability exists in virtio_transport_recv_listen(), which increments sk_ack_backlog via sk_acceptq_added() before validating the transport assignment. When vsock_assign_transport() fails or returns a different transport, the error path exits without decrementing the counter via sk_acceptq_removed(). After approximately backlog+1 such mismatches, sk_acceptq_is_full() returns true and the listener rejects all new connections, constituting a denial of service. The fix relocates sk_acceptq_added() to execute only after successful transport validation, aligning with the implementation patterns in vmci_transport and hyperv_transport. Multiple stable kernel branches received patches on 2026-05-28.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-28
Original CVE updated
2026-05-28
Advisory published
2026-05-28
Advisory updated
2026-05-28

Who should care

Organizations running virtualized Linux workloads using virtio vsock for host-guest communication, particularly cloud providers and enterprises with KVM/QEMU-based virtualization infrastructure

Technical summary

The virtio vsock driver in the Linux kernel contains a logic flaw where sk_acceptq_added() is called before transport validation in virtio_transport_recv_listen(). If vsock_assign_transport() fails or selects an alternative transport, the error path omits sk_acceptq_removed(), causing permanent increment of sk_ack_backlog. This resource leak eventually fills the accept queue, forcing connection rejection. The vulnerability affects virtualized environments using virtio vsock for host-guest communication. Resolution involves reordering operations to validate transport before queue modification, consistent with other vsock transport implementations.

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates from distribution vendors containing the referenced stable branch commits
  • Monitor vendor security advisories for kernel package availability
  • Verify vsock listener functionality in virtualized environments after patching
  • Review application logs for connection rejection patterns that may indicate exploitation attempts

Evidence notes

Vulnerability description and fix details sourced from official CVE record and NVD entry published 2026-05-28. Kernel commit references confirm patch availability across stable branches. No CVSS score or severity assigned by source databases at time of publication.

Official resources

2026-05-28