CVE-2026-46207
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
28/05/2026
Last modified:
10/06/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
vsock/virtio: fix empty payload in tap skb for non-linear buffers<br />
<br />
For non-linear skbs, virtio_transport_build_skb() goes through<br />
virtio_transport_copy_nonlinear_skb() to copy the original payload<br />
in the new skb to be delivered to the vsockmon tap device.<br />
This manually initializes an iov_iter but does not set iov_iter.count.<br />
Since the iov_iter is zero-initialized, the copy length is zero and no<br />
payload is actually copied to the monitor interface, leaving data<br />
un-initialized.<br />
<br />
Fix this by removing the linear vs non-linear split and using<br />
skb_copy_datagram_iter() with iov_iter_kvec() for all cases, as<br />
vhost-vsock already does. This handles both linear and non-linear skbs,<br />
properly initializes the iov_iter, and removes the now unused<br />
virtio_transport_copy_nonlinear_skb().<br />
<br />
While touching this code, let&#39;s also check the return value of<br />
skb_copy_datagram_iter(), even though it&#39;s unlikely to fail.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.90 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.18.32 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 7.0.9 (excluding) |
| cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page



