CVE-2026-23057: Sensitive Information Exposure in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 93.22%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 4

Description

In the Linux kernel, the following vulnerability has been resolved:

vsock/virtio: Coalesce only linear skb

vsock/virtio common tries to coalesce buffers in rx queue: if a linear skb (with a spare tail room) is followed by a small skb (length limited by GOOD_COPY_LEN = 128), an attempt is made to join them. Since the introduction of MSG_ZEROCOPY support, assumption that a small skb will always be linear is incorrect. In the zerocopy case, data is lost and the linear skb is appended with uninit

Affected Packages (4 packages)

Linux | linux/linux_kernel | 6.7.0 | 6.12.68 | +1
Debian | linux/linux_kernel | < 6.12.69-1 | +1
CVEListV5 | linux/linux | 581512a6dc939ef122e49336626ae159f3b8a345 | 568e9cd8ed7ca9bf748c7687ba6501f29d30e59f | +3
debian | debian/linux | < linux 6.18.8-1 (forky)

🔴 Vulnerability Details (3)

OSV: vsock/virtio: Coalesce only linear skb (2026-02-04)
GHSA: GHSA-2725-mxxg-w826: In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Coalesce only linear skb vsock/virtio common tries to coalesce buf (2026-02-04)
OSV: CVE-2026-23057: In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Coalesce only linear skb vsock/virtio common tries to coalesce buffe (2026-02-04)

📋 Vendor Advisories (2)

Red Hat: kernel: vsock/virtio: Coalesce only linear skb (2026-02-04)
Debian: CVE-2026-23057: linux - In the Linux kernel, the following vulnerability has been resolved: vsock/virti... 2026

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-23057 Impact, Exploitability, and Mitigation Steps | Wiz