CVE-2026-53132

EUVD-2026-39337

25.06.2026, 09:16

In the Linux kernel, the following vulnerability has been resolved:

vsock/virtio: fix potential unbounded skb queue

virtio_transport_inc_rx_pkt() checks vvs->rx_bytes + len > vvs->buf_alloc.

virtio_transport_recv_enqueue() skips coalescing for packets
with VIRTIO_VSOCK_SEQ_EOM.

If fed with packets with len == 0 and VIRTIO_VSOCK_SEQ_EOM,
a very large number of packets can be queued
because vvs->rx_bytes stays at 0.

Fix this by estimating the skb metadata size:

	(Number of skbs in the queue) * SKB_TRUESIZE(0)

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 6%

Debian Releases

Debian Product

Codename

linux

bookworm	vulnerable
bookworm (security)	vulnerable
bullseye	5.10.223-1 fixed
bullseye (security)	5.10.257-1 fixed
forky	vulnerable
sid	7.0.13-1 fixed
trixie	vulnerable
trixie (security)	6.12.94-1 fixed

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein entfernter Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um Sicherheitsvorkehrungen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen und weitere, nicht näher spezifizierte Auswirkungen zu erzielen.
Published: 2026-06-24T22:00:00+00:00

References

https://git.kernel.org/stable/c/059b7dbd20a6f0c539a45ddff1573cb8946685b5

https://git.kernel.org/stable/c/100d5b2ffdc6468b9e48532641f29e83efdcb63c

https://git.kernel.org/stable/c/1eca304f97a34ed5e921e1f0e06c8b241f25bf12

https://git.kernel.org/stable/c/9bdc637fde66b63d6cad0caacd034888bb7bf5f5