{"id":"CVE-2026-46214","summary":"vsock/virtio: fix accept queue count leak on transport mismatch","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: fix accept queue count leak on transport mismatch\n\nvirtio_transport_recv_listen() calls sk_acceptq_added() before\nvsock_assign_transport(). If vsock_assign_transport() fails or\nselects a different transport, the error path returns without\ncalling sk_acceptq_removed(), permanently incrementing\nsk_ack_backlog.\n\nAfter approximately backlog+1 such failures, sk_acceptq_is_full()\nreturns true, causing the listener to reject all new connections.\n\nFix by moving sk_acceptq_added() to after the transport validation,\nmatching the pattern used by vmci_transport and hyperv_transport.","modified":"2026-06-05T18:29:32.532571553Z","published":"2026-05-28T09:40:31.245Z","related":["openSUSE-SU-2026:10954-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46214.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/29371f3cc83e2a92265b4768014a30b80234112f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2ea5d2c79edcc99c7dbe0bb7518f5e1ee2a2391f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/52bcb57a4e8a0865a76c587c2451906342ae1b2d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/65c484726e74013a2ec7ba67a34d87760ae8f390"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6d3275fc4ed968938e1d556c344798046776668d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e9edf9893cf26d060705c910a9b62d8cc96ed56a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f66c7904fb6f0e420a654bc90909e64a25d00896"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fd51e810affa38d735d04261e673b2a5fe9c8665"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46214.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46214"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c0cfa2d8a788fcf45df5bf4070ab2474c88d543a"},{"fixed":"2ea5d2c79edcc99c7dbe0bb7518f5e1ee2a2391f"},{"fixed":"fd51e810affa38d735d04261e673b2a5fe9c8665"},{"fixed":"f66c7904fb6f0e420a654bc90909e64a25d00896"},{"fixed":"65c484726e74013a2ec7ba67a34d87760ae8f390"},{"fixed":"29371f3cc83e2a92265b4768014a30b80234112f"},{"fixed":"e9edf9893cf26d060705c910a9b62d8cc96ed56a"},{"fixed":"6d3275fc4ed968938e1d556c344798046776668d"},{"fixed":"52bcb57a4e8a0865a76c587c2451906342ae1b2d"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46214.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.258"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.209"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.175"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.140"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.90"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.32"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"7.0.9"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46214.json"}}],"schema_version":"1.7.5"}