CVE-2026-53181

EUVD-2026-39272

25.06.2026, 09:16

In the Linux kernel, the following vulnerability has been resolved:

vsock/vmci: fix sk_ack_backlog leak on failed handshake

When vmci_transport_recv_connecting_server() returns an error,
vmci_transport_recv_listen() calls vsock_remove_pending() but never
calls sk_acceptq_removed(). This leaves sk_ack_backlog incremented
permanently.

Repeated handshake failures (malformed packets, queue pair alloc
failure, event subscribe failure) cause sk_ack_backlog to climb
toward sk_max_ack_backlog. Once it reaches the limit the listener
permanently refuses all new connections with -ECONNREFUSED, a
silent denial of service requiring a process restart to recover.

The two existing sk_acceptq_removed() calls in af_vsock.c do not
cover this path: line 764 checks vsock_is_pending() which returns
false after vsock_remove_pending(), and line 1889 is only reached
on successful accept().

Fix by balancing sk_acceptq_added() with sk_acceptq_removed() on
the error path.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 8%

Debian Releases

Debian Product

Codename

linux

bookworm	vulnerable
bookworm (security)	vulnerable
bullseye	vulnerable
bullseye (security)	vulnerable
forky	vulnerable
sid	7.0.13-1 fixed
trixie	vulnerable
trixie (security)	6.12.94-1 fixed

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein entfernter Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um Sicherheitsvorkehrungen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen und weitere, nicht näher spezifizierte Auswirkungen zu erzielen.
Published: 2026-06-24T22:00:00+00:00

References

https://git.kernel.org/stable/c/22c587aa3ab1ab5264daff3ec32136fd30436c13

https://git.kernel.org/stable/c/9698582a4dd9c4a05889d7db96d4c0edc9e69cac

https://git.kernel.org/stable/c/ba9ad6015937a5e46ba1a31370e3efdec8abbdcc

https://git.kernel.org/stable/c/bcb275626055df7f8f947f1a349754b4004d9a15

https://git.kernel.org/stable/c/c05fa14db43ebef3bd862ca9d073981c0358b3f0

https://git.kernel.org/stable/c/cf7090e255d74c4b61c51f8ede9fcacdd8393b5b

https://git.kernel.org/stable/c/dfd853197615d322d3a88dbcab91fc0fd2096219

https://git.kernel.org/stable/c/ea0b03d52881c12a8c634ea0d6cbfa61cefdb488