Description
In the Linux kernel, the following vulnerability has been resolved:

vsock/virtio: fix potential unbounded skb queue

virtio_transport_inc_rx_pkt() checks vvs->rx_bytes + len > vvs->buf_alloc.

virtio_transport_recv_enqueue() skips coalescing for packets
with VIRTIO_VSOCK_SEQ_EOM.

If fed with packets with len == 0 and VIRTIO_VSOCK_SEQ_EOM,
a very large number of packets can be queued
because vvs->rx_bytes stays at 0.

Fix this by estimating the skb metadata size:

(Number of skbs in the queue) * SKB_TRUESIZE(0)
Published: 2026-06-25
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel virtio VSOCK transport can accept zero‑length packets marked with the end‑of‑message flag. For each such packet the logic that limits the queue only checks the total bytes received, not the number of socket buffers. Because the counter remains zero, a large number of packed socket buffers can be queued, consuming kernel memory and potentially crashing the system. This flaw is a classic instance of resource starvation, matching CWE-770.

Affected Systems

Any Linux kernel that includes the virtio VSOCK transport but does not contain the commit that fixes the zero‑length handling is vulnerable. The code is part of the standard virtio subsystem used by virtual machine and container runtimes, so virtually all builds of the Linux kernel released before the fix are considered at risk.

Risk and Exploitability

The CVSS score of 7.1 indicates the flaw has high severity, while the EPSS score of less than 1% signals a low probability of exploitation in the wild. The definitive exploit is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker must be able to send crafted virtio VSOCK packets, which could be achieved by a process that can communicate with the virtio device; the required privilege level is not specified in the advisory, but typically such access is limited to privileged users or processes running inside the same virtual machine.

Generated by OpenCVE AI on June 28, 2026 at 15:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the kernel to a version that includes the verified patch for the virtio VSOCK transport.
  • If a kernel upgrade is not immediately available, consider disabling virtio socket support or tightly restricting access to the virtio device on the host.
  • Apply Linux kernel hardening options that limit skb queue sizes or filter zero‑length packets with the end‑of‑message flag to mitigate resource exhaustion.

Generated by OpenCVE AI on June 28, 2026 at 15:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 28 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-399

Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H'}


Fri, 26 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-770
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate


Thu, 25 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-399

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential unbounded skb queue virtio_transport_inc_rx_pkt() checks vvs->rx_bytes + len > vvs->buf_alloc. virtio_transport_recv_enqueue() skips coalescing for packets with VIRTIO_VSOCK_SEQ_EOM. If fed with packets with len == 0 and VIRTIO_VSOCK_SEQ_EOM, a very large number of packets can be queued because vvs->rx_bytes stays at 0. Fix this by estimating the skb metadata size: (Number of skbs in the queue) * SKB_TRUESIZE(0)
Title vsock/virtio: fix potential unbounded skb queue
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-28T06:39:26.465Z

Reserved: 2026-06-09T07:44:35.386Z

Link: CVE-2026-53132

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-53132 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-28T15:30:07Z

Weaknesses
  • CWE-770

    Allocation of Resources Without Limits or Throttling