PT-2026-52638 · Red Hat · Red Hat Openshift Virtualization 4
Huzaifa Sidhpurwala
·
Publicado
2026-06-26
·
Atualizado
2026-06-26
·
CVE-2026-13322
CVSS v3.1
3.8
Baixa
| Vetor | AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L |
A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine(), which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the downward metrics virtio-serial device configured can write a continuous byte stream to the device, causing unbounded memory allocation in the virt-handler process until it is OOM-killed.
Correção
Allocation of Resources Without Limits
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Red Hat Openshift Virtualization 4