3.8
CVE-2026-13322
- EPSS 0.09%
- Veröffentlicht 26.06.2026 00:04:07
- Zuletzt bearbeitet 06.07.2026 17:25:39
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial readline in virt-handler causes oom denial of service
A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine(), which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the downward metrics virtio-serial device configured can write a continuous byte stream to the device, causing unbounded memory allocation in the virt-handler process until it is OOM-killed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Openshift Virtualization Version >= 4 <= 4.22.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.007 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 3.8 | 2 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
https://access.redhat.com/security/cve/CVE-2026-13322
https://bugzilla.redhat.com/show_bug.cgi?id=2492681