DEBIAN-CVE-2026-23069
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential underflow in virtio_transport_get_credit() The credit calculation in virtio_transport_get_credit() uses unsigned arithmetic: ret = vvs->peer_buf_alloc - (vvs->tx_cnt - vvs->peer_fwd_cnt); If the peer shrinks its advertised buffer (peer_buf_alloc) while bytes are in flight, the subtraction can underflow and produce a large positive value, potentially allowing more data to be queued than the peer can handle. Reuse virtio_transport_has_space() which already handles this case and add a comment to make it clear why we are doing that. [Stefano: use virtio_transport_has_space() instead of duplicating the code] [Stefano: tweak the commit message]
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | linux | 6.10.11-1, 6.1.164-1, 6.1.2-1 |
| Debian:13 | linux | 6.12.69-1, 6.12.63-1, 6.12.63-1 |
| Debian:11 | linux-6.1 | 6.1.153-1, 6.1.148-1, 6.1.147-1 |
| Debian:14 | linux | 6.17.6-1, 6.17.7-1, 6.17.8-1 |
| Debian:12 | linux | 6.1.128-1, 6.1.129-1, 6.1.133-1 |
Exploit Intelligence
- 4081.3.7.yml (github-poc)
Timeline
- Feb 4, 2026 CVE Published
- Apr 28, 2026 CVE Updated