In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential underflow in virtio_transport_get_credit() The credit calculation in virtio_transport_get_credit() uses unsigned arithmetic: ret = vvs->peer_buf_alloc - (vvs->tx_cnt - vvs->peer_fwd_cnt); If the peer shrinks its advertised buffer (peer_buf_alloc) while bytes are in flight, the subtraction can underflow and produce a large positive value, potentially allowing more data to be queued than the peer can handle. Reuse virtio_transport_has_space() which already handles this case and add a comment to make it clear why we are doing that. [Stefano: use virtio_transport_has_space() instead of duplicating the code] [Stefano: tweak the commit message]
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2026020417-CVE-2026-23069-d026@gregkh/T
(In reply to Jon Moroney from comment #1) > Upstream advisory: > https://lore.kernel.org/linux-cve-announce/2026020417-CVE-2026-23069-d026@gregkh/T https://cowboysafarigame.com/ Thanks for linking the upstream advisory and updating the classification. The medium severity rating seems appropriate given the potential for credit miscalculation and excessive queueing.