FKIE_CVE-2026-53132
Vulnerability from fkie_nvd - Published: 2026-06-25 09:16 - Updated: 2026-06-30 14:44
Severity
Summary
In the Linux kernel, the following vulnerability has been resolved:
vsock/virtio: fix potential unbounded skb queue
virtio_transport_inc_rx_pkt() checks vvs->rx_bytes + len > vvs->buf_alloc.
virtio_transport_recv_enqueue() skips coalescing for packets
with VIRTIO_VSOCK_SEQ_EOM.
If fed with packets with len == 0 and VIRTIO_VSOCK_SEQ_EOM,
a very large number of packets can be queued
because vvs->rx_bytes stays at 0.
Fix this by estimating the skb metadata size:
(Number of skbs in the queue) * SKB_TRUESIZE(0)
References
Impacted products
| Vendor | Product | Version |
|---|
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/vmw_vsock/virtio_transport_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1eca304f97a34ed5e921e1f0e06c8b241f25bf12",
"status": "affected",
"version": "077706165717686a2a6a71405fef036cd5b37ae0",
"versionType": "git"
},
{
"lessThan": "9bdc637fde66b63d6cad0caacd034888bb7bf5f5",
"status": "affected",
"version": "077706165717686a2a6a71405fef036cd5b37ae0",
"versionType": "git"
},
{
"lessThan": "100d5b2ffdc6468b9e48532641f29e83efdcb63c",
"status": "affected",
"version": "077706165717686a2a6a71405fef036cd5b37ae0",
"versionType": "git"
},
{
"lessThan": "059b7dbd20a6f0c539a45ddff1573cb8946685b5",
"status": "affected",
"version": "077706165717686a2a6a71405fef036cd5b37ae0",
"versionType": "git"
},
{
"status": "affected",
"version": "5852a2b573f7a3a29df46296e56aa3491e589cdf",
"versionType": "git"
},
{
"lessThan": "6.2",
"status": "affected",
"version": "6.1.63",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/vmw_vsock/virtio_transport_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.94",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.*",
"status": "unaffected",
"version": "7.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: fix potential unbounded skb queue\n\nvirtio_transport_inc_rx_pkt() checks vvs-\u003erx_bytes + len \u003e vvs-\u003ebuf_alloc.\n\nvirtio_transport_recv_enqueue() skips coalescing for packets\nwith VIRTIO_VSOCK_SEQ_EOM.\n\nIf fed with packets with len == 0 and VIRTIO_VSOCK_SEQ_EOM,\na very large number of packets can be queued\nbecause vvs-\u003erx_bytes stays at 0.\n\nFix this by estimating the skb metadata size:\n\n\t(Number of skbs in the queue) * SKB_TRUESIZE(0)"
}
],
"id": "CVE-2026-53132",
"lastModified": "2026-06-30T14:44:27.313",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 4.0,
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"type": "Secondary"
}
]
},
"published": "2026-06-25T09:16:30.437",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/059b7dbd20a6f0c539a45ddff1573cb8946685b5"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/100d5b2ffdc6468b9e48532641f29e83efdcb63c"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/1eca304f97a34ed5e921e1f0e06c8b241f25bf12"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/9bdc637fde66b63d6cad0caacd034888bb7bf5f5"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Awaiting Analysis"
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…