CVE-2026-53132

Published: June 27, 2026Last modified: June 27, 2026

Description

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential unbounded skb queue virtio_transport_inc_rx_pkt() checks vvs->rx_bytes + len > vvs->buf_alloc. virtio_transport_recv_enqueue() skips coalescing for packets with VIRTIO_VSOCK_SEQ_EOM. If fed with packets with len == 0 and VIRTIO_VSOCK_SEQ_EOM, a very large number of packets can be queued because vvs->rx_bytes stays at 0. Fix this by estimating the skb metadata size: (Number of skbs in the queue) * SKB_TRUESIZE(0)

Severity score breakdown

ParameterValue
Base score7.1
Attack VectorLOCAL
Attack complexityLOW
Privileges requiredNONE
User interactionNONE
ScopeCHANGED
ConfidentialityNONE
Integrity impactNONE
Availability impactHIGH
VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSlinux-ltsVulnerable (6.1.175-r0)
25 LTSlinux-ltsVulnerable (6.12.92-r0)
Streamlinux-ltsVulnerable (6.18.35-r1)

References

ON THIS PAGE