CVE-2026-53132 PUBLISHED

vsock/virtio: fix potential unbounded skb queue

Assigner: Linux
Reserved: 09.06.2026 Published: 25.06.2026 Updated: 25.06.2026

In the Linux kernel, the following vulnerability has been resolved:

vsock/virtio: fix potential unbounded skb queue

virtio_transport_inc_rx_pkt() checks vvs->rx_bytes + len > vvs->buf_alloc.

virtio_transport_recv_enqueue() skips coalescing for packets with VIRTIO_VSOCK_SEQ_EOM.

If fed with packets with len == 0 and VIRTIO_VSOCK_SEQ_EOM, a very large number of packets can be queued because vvs->rx_bytes stays at 0.

Fix this by estimating the skb metadata size:

    (Number of skbs in the queue) * SKB_TRUESIZE(0)
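As an added illustration (not the kernel's code and not part of this record), the following userland C model contrasts the credit check described above with one that also charges per-skb metadata; the buffer size and the SKB_TRUESIZE(0) stand-in are assumed constants:

```c
/* Simplified model of the virtio-vsock receive credit check.
 * Not the kernel's implementation; constants are assumptions. */
#include <stdbool.h>
#include <stddef.h>

#define BUF_ALLOC       (256 * 1024)  /* assumed vvs->buf_alloc */
#define SKB_TRUESIZE_0  256           /* stand-in for SKB_TRUESIZE(0) */

struct vvs_model {
    size_t rx_bytes;   /* payload bytes queued, like vvs->rx_bytes */
    size_t nr_skbs;    /* skbs currently sitting in the rx queue */
    size_t buf_alloc;  /* receive buffer the peer is allowed to fill */
};

/* Original check: only payload bytes count against buf_alloc, so a
 * zero-length packet never trips it and the queue can grow unbounded. */
static bool inc_rx_pkt_old(struct vvs_model *v, size_t len)
{
    if (v->rx_bytes + len > v->buf_alloc)
        return false;
    v->rx_bytes += len;
    v->nr_skbs++;
    return true;
}

/* Fixed check: estimate metadata as (queued skbs + this one) * truesize
 * so that even empty packets consume credit. */
static bool inc_rx_pkt_new(struct vvs_model *v, size_t len)
{
    size_t meta = (v->nr_skbs + 1) * SKB_TRUESIZE_0;
    if (v->rx_bytes + len + meta > v->buf_alloc)
        return false;
    v->rx_bytes += len;
    v->nr_skbs++;
    return true;
}

/* Queue n zero-length EOM packets (never coalesced) and report how many
 * the check admitted. */
static size_t admitted(bool (*inc)(struct vvs_model *, size_t), size_t n)
{
    struct vvs_model v = { 0, 0, BUF_ALLOC };
    size_t ok = 0;
    for (size_t i = 0; i < n; i++)
        if (inc(&v, 0))
            ok++;
    return ok;
}

static size_t admitted_old(size_t n) { return admitted(inc_rx_pkt_old, n); }
static size_t admitted_new(size_t n) { return admitted(inc_rx_pkt_new, n); }
```

With the old check every one of the empty packets is accepted; with the metadata estimate the queue stops at buf_alloc / SKB_TRUESIZE(0) entries.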

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 077706165717686a2a6a71405fef036cd5b37ae0 to 1eca304f97a34ed5e921e1f0e06c8b241f25bf12 (excl.)
  • affected from 077706165717686a2a6a71405fef036cd5b37ae0 to 9bdc637fde66b63d6cad0caacd034888bb7bf5f5 (excl.)
  • affected from 077706165717686a2a6a71405fef036cd5b37ae0 to 100d5b2ffdc6468b9e48532641f29e83efdcb63c (excl.)
  • affected from 077706165717686a2a6a71405fef036cd5b37ae0 to 059b7dbd20a6f0c539a45ddff1573cb8946685b5 (excl.)
  • Version 5852a2b573f7a3a29df46296e56aa3491e589cdf is affected
  • affected from 6.1.63 to 6.2 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 6.3 is affected
  • unaffected from 0 to 6.3 (excl.)
  • unaffected from 6.12.94 to 6.12.* (incl.)
  • unaffected from 6.18.36 to 6.18.* (incl.)
  • unaffected from 7.0.13 to 7.0.* (incl.)
  • unaffected from 7.1 to * (incl.)
