CVE-2026-53132
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk4th percentile — higher than 4% of all known CVEs
Summary
A vulnerability in the Linux kernel's vsock/virtio driver allows unbounded packet queuing. An attacker can send zero-length packets with the VIRTIO_VSOCK_SEQ_EOM flag, keeping rx_bytes at 0 and allowing the skb queue to grow indefinitely.
Risk Assessment
This can lead to system memory exhaustion (out-of-memory) and denial of service (DoS) for virtual machines using vsock.
Recommendation
Immediately update the Linux kernel to a version containing the fix that accounts for skb metadata size (SKB_TRUESIZE(0)) when estimating queue usage.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential unbounded skb queue virtio_transport_inc_rx_pkt() checks vvs->rx_bytes + len > vvs->buf_alloc. virtio_transport_recv_enqueue() skips coalescing for packets with VIRTIO_VSOCK_SEQ_EOM. If fed with packets with len == 0 and VIRTIO_VSOCK_SEQ_EOM, a very large number of packets can be queued because vvs->rx_bytes stays at 0. Fix this by estimating the skb metadata size: (Number of skbs in the queue) * SKB_TRUESIZE(0)

