Use of uninitialized resource in Linux kernel - CVE-2026-46207
Published: May 29, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local attacker to disclose sensitive information.
The vulnerability exists due to uninitialized memory exposure in virtio_transport_build_skb() when processing non-linear skbs for delivery to the vsockmon tap device. A local attacker can trigger handling of a specially crafted non-linear skb to disclose sensitive information.
The issue affects payload copying to the monitor interface, where no payload is copied and data remains uninitialized.