What is CVE-2026-46214?

CVE-2026-46214 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.5 onward and patched in 5.10.258, 5.15.209, 6.1.175 and others. CVE-2026-46214 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2026-46214?

CVE-2026-46214 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2026-46214?

Yes, CVE-2026-46214 has been patched. Fixed versions include 5.10.258, 5.15.209, 6.1.175 and others. If you are running Linux kernel 5.5 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2026-46214 actively exploited?

CVE-2026-46214 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2026-46214

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix accept queue count leak on transport mismatch virtio_transport_recv_listen() calls sk_acceptq_added() before vsock_assign_transport(). If vsock_assign_transport() fails or selects a different transport, the error path returns without calling sk_acceptq_removed(), permanently incrementing sk_ack_backlog. After approximately backlog+1 such failures, sk_acceptq_is_full() returns true, causing the listener to reject all new connections. Fix by moving sk_acceptq_added() to after the transport validation, matching the pattern used by vmci_transport and hyperv_transport.

Package Linux Kernel

Published 2026-05-28

Last modified 2026-06-01

Patch available

Yes

Affected versions

Linux kernel versions 5.5 and later are affected. Fixed in 5.10.258, 5.15.209, 6.1.175, 6.6.140, 6.12.90, 6.18.32, 7.0.9, 7.1-rc1 and their respective stable series.

Affected from

≥ 5.5

Fixed in

✓ 5.10.258 5.10.x ✓ 5.15.209 5.15.x ✓ 6.1.175 6.1.x ✓ 6.6.140 6.6.x ✓ 6.12.90 6.12.x ✓ 6.18.32 6.18.x ✓ 7.0.9 7.0.x ✓ 7.1-rc1

References

The following references provide additional information about CVE-2026-46214 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/29371f3cc83e2a92265b4768014a30b80234112f
Patch
Kernel patch commit
https://git.kernel.org/stable/c/2ea5d2c79edcc99c7dbe0bb7518f5e1ee2a2391f
Patch
Kernel patch commit
https://git.kernel.org/stable/c/52bcb57a4e8a0865a76c587c2451906342ae1b2d
Patch

8 patch commits total View all on NVD

Frequently asked questions

What is CVE-2026-46214?

CVE-2026-46214 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.5 onward and has been patched in 5.10.258, 5.15.209, 6.1.175 and others. CVE-2026-46214 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2026-46214?

Yes — CVE-2026-46214 has been patched. Fixed versions include 5.10.258, 5.15.209, 6.1.175 and others. If you are running Linux kernel 5.5 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2026-46214 actively exploited?

No — CVE-2026-46214 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.