CVE-2026-23069 — Integer Underflow (Wrap or Wraparound) in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 4
Latest updateFeb 10
Description
In the Linux kernel, the following vulnerability has been resolved:
vsock/virtio: fix potential underflow in virtio_transport_get_credit()
The credit calculation in virtio_transport_get_credit() uses unsigned
arithmetic:
ret = vvs->peer_buf_alloc - (vvs->tx_cnt - vvs->peer_fwd_cnt);
If the peer shrinks its advertised buffer (peer_buf_alloc) while bytes
are in flight, the subtraction can underflow and produce a large
positive value, potentially allowing more data to be queued than the
peer ca…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages3 packages
▶CVEListV5linux/linux06a8fc78367d070720af960dcecec917d3ae5f3b — d96de882d6b99955604669d962ae14e94b66a551+5
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-pwx7-84p4-42qc: In the Linux kernel, the following vulnerability has been resolved:
vsock/virtio: fix potential underflow in virtio_transport_get_credit()
The credi↗2026-02-04
OSV▶
CVE-2026-23069: In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential underflow in virtio_transport_get_credit() The credit↗2026-02-04
📋Vendor Advisories
3Debian▶
CVE-2026-23069: linux - In the Linux kernel, the following vulnerability has been resolved: vsock/virti...↗2026