Impact
The Linux kernel virtio VSOCK transport can accept zero‑length packets marked with the end‑of‑message flag. For each such packet the logic that limits the queue only checks the total bytes received, not the number of socket buffers. Because the counter remains zero, a large number of packed socket buffers can be queued, consuming kernel memory and potentially crashing the system. This flaw is a classic instance of resource starvation, matching CWE-770.
Affected Systems
Any Linux kernel that includes the virtio VSOCK transport but does not contain the commit that fixes the zero‑length handling is vulnerable. The code is part of the standard virtio subsystem used by virtual machine and container runtimes, so virtually all builds of the Linux kernel released before the fix are considered at risk.
Risk and Exploitability
The CVSS score of 7.1 indicates the flaw has high severity, while the EPSS score of less than 1% signals a low probability of exploitation in the wild. The definitive exploit is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker must be able to send crafted virtio VSOCK packets, which could be achieved by a process that can communicate with the virtio device; the required privilege level is not specified in the advisory, but typically such access is limited to privileged users or processes running inside the same virtual machine.
OpenCVE Enrichment