CVE-2026-46322

Published: Giu 09, 2026 Last Modified: Giu 14, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,1
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Attack Vector: local
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: changed
Confidentiality: none
Integrity: none
Availability: high

Description

AI Translation Available

In the Linux kernel, the following vulnerability has been resolved:

tun: free page on build_skb failure in tun_xdp_one()

When build_skb() fails in tun_xdp_one(), the function sets ret to
-ENOMEM and jumps to the out label, which returns without freeing the
page that vhost_net_build_xdp() allocated for the frame. As with the
short-frame rejection path, tun_sendmsg() discards the per-buffer error
and still returns total_len, so vhost_tx_batch() takes the success path
and never frees the page. Each build_skb() failure in a batch leaks one
page-frag chunk.

Free the page before taking the error path, matching the put_page() the
other error exits of tun_xdp_one() already perform.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0001
Percentile
0,0th
Updated

EPSS Score Trend (Last 5 Days)

https://git.kernel.org/stable/c/4fefc6156a162a9f50035c12091…
https://git.kernel.org/stable/c/4fefc6156a162a9f50035c12091a5e5130c82c6e
https://git.kernel.org/stable/c/aa308e9dbb9acb17cacdbbce9e4…
https://git.kernel.org/stable/c/aa308e9dbb9acb17cacdbbce9e4504f69bac8385
https://git.kernel.org/stable/c/aa8963fdce667a42fb7f0bdd290…
https://git.kernel.org/stable/c/aa8963fdce667a42fb7f0bdd2909fadcab02f9a8
https://git.kernel.org/stable/c/d16e38fac09a47bfcf98c1ad65a…
https://git.kernel.org/stable/c/d16e38fac09a47bfcf98c1ad65a1bb53f94540f5