CVE Catalog

CVE-2026-53132

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile — higher than 4% of all known CVEs

Summary

A vulnerability in the Linux kernel's vsock/virtio driver allows unbounded packet queuing. An attacker can send zero-length packets with the VIRTIO_VSOCK_SEQ_EOM flag, keeping rx_bytes at 0 and allowing the skb queue to grow indefinitely.

Risk Assessment

This can lead to system memory exhaustion (out-of-memory) and denial of service (DoS) for virtual machines using vsock.

Recommendation

Immediately update the Linux kernel to a version containing the fix that accounts for skb metadata size (SKB_TRUESIZE(0)) when estimating queue usage.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential unbounded skb queue virtio_transport_inc_rx_pkt() checks vvs->rx_bytes + len > vvs->buf_alloc. virtio_transport_recv_enqueue() skips coalescing for packets with VIRTIO_VSOCK_SEQ_EOM. If fed with packets with len == 0 and VIRTIO_VSOCK_SEQ_EOM, a very large number of packets can be queued because vvs->rx_bytes stays at 0. Fix this by estimating the skb metadata size: (Number of skbs in the queue) * SKB_TRUESIZE(0)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS