<Vulnerability name="CVE-2026-53132">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Moderate</ThreatSeverity>
    <PublicDate>2026-06-25T00:00:00</PublicDate>
    <Bugzilla id="2492753" url="https://bugzilla.redhat.com/show_bug.cgi?id=2492753" xml:lang="en:us">
kernel: vsock/virtio: fix potential unbounded skb queue
    </Bugzilla>
    <CVSS3 status="draft">
        <CVSS3BaseScore>7.0</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-770</CWE>
    <Details xml:lang="en:us" source="Mitre">
In the Linux kernel, the following vulnerability has been resolved:

vsock/virtio: fix potential unbounded skb queue

virtio_transport_inc_rx_pkt() checks vvs-&gt;rx_bytes + len &gt; vvs-&gt;buf_alloc.

virtio_transport_recv_enqueue() skips coalescing for packets
with VIRTIO_VSOCK_SEQ_EOM.

If fed with packets with len == 0 and VIRTIO_VSOCK_SEQ_EOM,
a very large number of packets can be queued
because vvs-&gt;rx_bytes stays at 0.

Fix this by estimating the skb metadata size:

	(Number of skbs in the queue) * SKB_TRUESIZE(0)
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in the Linux kernel's vsock/virtio component. A remote attacker could send specially crafted packets with zero length and an End-of-Message (EOM) flag. This could lead to an unbounded queue of packets, consuming excessive memory and potentially causing a Denial of Service (DoS) due to resource exhaustion.
    </Details>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-53132
https://nvd.nist.gov/vuln/detail/CVE-2026-53132
https://lore.kernel.org/linux-cve-announce/2026062541-CVE-2026-53132-7ab2@gregkh/T
    </References>
</Vulnerability>