vsock/virtio: fix accept queue count leak on transport mismatch

Summary

CVE	CVE-2026-46214
State	PUBLISHED
Assigner	Linux
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-05-28 10:16:37 UTC
Updated	2026-06-01 17:17:32 UTC
Description	In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix accept queue count leak on transport mismatch virtio_transport_recv_listen() calls sk_acceptq_added() before vsock_assign_transport(). If vsock_assign_transport() fails or selects a different transport, the error path returns without calling sk_acceptq_removed(), permanently incrementing sk_ack_backlog. After approximately backlog+1 such failures, sk_acceptq_is_full() returns true, causing the listener to reject all new connections. Fix by moving sk_acceptq_added() to after the transport validation, matching the pattern used by vmci_transport and hyperv_transport.

Risk And Classification

EPSS: 0.000180000 probability, percentile 0.050770000 (date 2026-06-01)

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Linux	Linux	affected c0cfa2d8a788fcf45df5bf4070ab2474c88d543a 2ea5d2c79edcc99c7dbe0bb7518f5e1ee2a2391f git	Not specified
CNA	Linux	Linux	affected c0cfa2d8a788fcf45df5bf4070ab2474c88d543a fd51e810affa38d735d04261e673b2a5fe9c8665 git	Not specified
CNA	Linux	Linux	affected c0cfa2d8a788fcf45df5bf4070ab2474c88d543a f66c7904fb6f0e420a654bc90909e64a25d00896 git	Not specified
CNA	Linux	Linux	affected c0cfa2d8a788fcf45df5bf4070ab2474c88d543a 65c484726e74013a2ec7ba67a34d87760ae8f390 git	Not specified
CNA	Linux	Linux	affected c0cfa2d8a788fcf45df5bf4070ab2474c88d543a 29371f3cc83e2a92265b4768014a30b80234112f git	Not specified
CNA	Linux	Linux	affected c0cfa2d8a788fcf45df5bf4070ab2474c88d543a e9edf9893cf26d060705c910a9b62d8cc96ed56a git	Not specified
CNA	Linux	Linux	affected c0cfa2d8a788fcf45df5bf4070ab2474c88d543a 6d3275fc4ed968938e1d556c344798046776668d git	Not specified
CNA	Linux	Linux	affected c0cfa2d8a788fcf45df5bf4070ab2474c88d543a 52bcb57a4e8a0865a76c587c2451906342ae1b2d git	Not specified
CNA	Linux	Linux	affected 5.5	Not specified
CNA	Linux	Linux	unaffected 5.5 semver	Not specified
CNA	Linux	Linux	unaffected 5.10.258 5.10.* semver	Not specified
CNA	Linux	Linux	unaffected 5.15.209 5.15.* semver	Not specified
CNA	Linux	Linux	unaffected 6.1.175 6.1.* semver	Not specified
CNA	Linux	Linux	unaffected 6.6.140 6.6.* semver	Not specified
CNA	Linux	Linux	unaffected 6.12.90 6.12.* semver	Not specified
CNA	Linux	Linux	unaffected 6.18.32 6.18.* semver	Not specified
CNA	Linux	Linux	unaffected 7.0.9 7.0.* semver	Not specified
CNA	Linux	Linux	unaffected 7.1-rc1 * original_commit_for_fix	Not specified

References

Reference	Source	Link	Tags
git.kernel.org/stable/c/52bcb57a4e8a0865a76c587c2451906342ae1b2d	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/2ea5d2c79edcc99c7dbe0bb7518f5e1ee2a2391f	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/65c484726e74013a2ec7ba67a34d87760ae8f390	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/f66c7904fb6f0e420a654bc90909e64a25d00896	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/6d3275fc4ed968938e1d556c344798046776668d	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/e9edf9893cf26d060705c910a9b62d8cc96ed56a	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/29371f3cc83e2a92265b4768014a30b80234112f	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/fd51e810affa38d735d04261e673b2a5fe9c8665	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.