Home

Description

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential unbounded skb queue virtio_transport_inc_rx_pkt() checks vvs->rx_bytes + len > vvs->buf_alloc. virtio_transport_recv_enqueue() skips coalescing for packets with VIRTIO_VSOCK_SEQ_EOM. If fed with packets with len == 0 and VIRTIO_VSOCK_SEQ_EOM, a very large number of packets can be queued because vvs->rx_bytes stays at 0. Fix this by estimating the skb metadata size: (Number of skbs in the queue) * SKB_TRUESIZE(0)

PUBLISHED Reserved 2026-06-09 | Published 2026-06-25 | Updated 2026-06-25 | Assigner Linux

Product status

Default status
unaffected

077706165717686a2a6a71405fef036cd5b37ae0 (git) before 1eca304f97a34ed5e921e1f0e06c8b241f25bf12
affected

077706165717686a2a6a71405fef036cd5b37ae0 (git) before 9bdc637fde66b63d6cad0caacd034888bb7bf5f5
affected

077706165717686a2a6a71405fef036cd5b37ae0 (git) before 100d5b2ffdc6468b9e48532641f29e83efdcb63c
affected

077706165717686a2a6a71405fef036cd5b37ae0 (git) before 059b7dbd20a6f0c539a45ddff1573cb8946685b5
affected

5852a2b573f7a3a29df46296e56aa3491e589cdf (git)
affected

6.1.63 (semver) before 6.2
affected

Default status
affected

6.3
affected

Any version before 6.3
unaffected

6.12.94 (semver)
unaffected

6.18.36 (semver)
unaffected

7.0.13 (semver)
unaffected

7.1 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/1eca304f97a34ed5e921e1f0e06c8b241f25bf12

git.kernel.org/...c/9bdc637fde66b63d6cad0caacd034888bb7bf5f5

git.kernel.org/...c/100d5b2ffdc6468b9e48532641f29e83efdcb63c

git.kernel.org/...c/059b7dbd20a6f0c539a45ddff1573cb8946685b5

cve.org (CVE-2026-53132)

nvd.nist.gov (CVE-2026-53132)

Download JSON