{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-46320/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-14T04:30:14.773Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-46320","@id":"https://www.cve.org/CVERecord?id=CVE-2026-46320","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ntap: free page on error paths in tap_get_user_xdp()\n\ntap_get_user_xdp() rejects a frame shorter than ETH_HLEN with -EINVAL,\nand returns -ENOMEM when build_skb() fails. Both paths jump to the err\nlabel without freeing the page that vhost_net_build_xdp() allocated for\nthe frame. tap_sendmsg() discards the per-buffer return value and always\nreturns 0, so vhost_tx_batch() takes the success path and never frees\nthe page; each reject"},"products":[{"@id":"cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:linux:linux:4.20:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:linux:linux:4.20:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"Update to a fixed version: 0, 18a84c35842e19cd3c5534d8cee73d31863f696d, 3bcf7aec6a9d16438f2cec29f5d7c8d5b8edf9b2, 7.0.12, 7.1-rc6.","timestamp":"2026-06-14T04:30:14.773Z"}]}