Stefano

#45572 of 53,624
5.5 Total CVSS
Vulnerabilities · 1
PT-2026-6156
5.5
2026-01-01
Canonical · Ubuntu · CVE-2026-23086
**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified)

**Description** The Linux kernel's virtio transports are susceptible to an issue where the transmission (TX) credit is derived directly from `peer_buf_alloc`, which is determined by the remote endpoint's `SO_VM_SOCKETS_BUFFER_SIZE` value. This allows a malicious guest to advertise a large buffer size and read data slowly, potentially causing the host to allocate a substantial amount of `sk_buff` memory. The same issue can occur in the guest if a malicious host is involved, as virtio transports share a common code base.

A proof-of-concept (PoC) on an unpatched Ubuntu 22.04 host with approximately 64 GiB of RAM demonstrated that 32 guest vsock connections, each advertising 2 GiB and reading slowly, increased Slab/SUnreclaim memory usage from around 0.5 GiB to approximately 57 GiB, leading to system instability.

The issue impacts virtio-vsock, vhost-vsock, and loopback due to changes limited to `virtio_transport_common.c`. The fix involves introducing a helper function, `virtio_transport_tx_buf_size()`, to ensure the effective TX window is bounded by both the peer's advertised buffer and the host's own buffer allocation.

**Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
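
The credit accounting described above, as a simplified user-space model added here for illustration (it is not the kernel's code or the patch): it compares the peak number of unconsumed bytes a sender can queue when the TX window follows the peer's advertised size with the peak when the window is capped by the local buffer. Field names other than `peer_buf_alloc`, the 256 KiB local buffer and the 4 KiB drain rate are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of one connection's credit state; not kernel code.
 * Only peer_buf_alloc is named on the page, the other fields are assumed. */
struct conn {
    uint32_t peer_buf_alloc; /* buffer size advertised by the remote peer */
    uint32_t buf_alloc;      /* this side's own buffer size (assumed name) */
    uint32_t tx_cnt;         /* bytes sent so far (assumed name) */
    uint32_t peer_fwd_cnt;   /* bytes the peer has consumed (assumed name) */
};

/* Bytes the sender may still queue. bounded=0: window is the peer's advertised
 * size (pre-fix); bounded=1: min(peer's advertised size, local buffer). */
static uint32_t tx_credit(const struct conn *c, int bounded)
{
    uint32_t window = c->peer_buf_alloc;
    if (bounded && c->buf_alloc < window)
        window = c->buf_alloc;
    uint32_t in_flight = c->tx_cnt - c->peer_fwd_cnt;
    return in_flight >= window ? 0 : window - in_flight;
}

/* Sender fills all available credit each round while the peer consumes only
 * `drain` bytes. Returns the peak unconsumed bytes across nconn connections. */
static uint64_t peak_queued(uint32_t nconn, uint32_t advertised, uint32_t local,
                            uint32_t drain, int rounds, int bounded)
{
    struct conn c = { advertised, local, 0, 0 };
    uint64_t peak = 0;
    for (int r = 0; r < rounds; r++) {
        c.tx_cnt += tx_credit(&c, bounded);
        uint32_t in_flight = c.tx_cnt - c.peer_fwd_cnt;
        if (in_flight > peak)
            peak = in_flight;
        c.peer_fwd_cnt += drain < in_flight ? drain : in_flight;
    }
    return peak * nconn;
}

int main(void)
{
    /* 32 x 2 GiB is from the page; 256 KiB and 4 KiB are constructed values. */
    printf("unbounded: %llu bytes\n", (unsigned long long)
           peak_queued(32, 1u << 31, 256u << 10, 4096, 8, 0));
    printf("bounded:   %llu bytes\n", (unsigned long long)
           peak_queued(32, 1u << 31, 256u << 10, 4096, 8, 1));
    return 0;
}
```

With the PoC's 32 connections at 2 GiB each, the model's unbounded ceiling is 64 GiB, against 8 MiB once each window is capped at the assumed 256 KiB local buffer.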