PT-2026-52638 · Red Hat · Red Hat Openshift Virtualization 4
Huzaifa Sidhpurwala
·
Published
2026-06-26
·
Updated
2026-06-26
·
CVE-2026-13322
CVSS v3.1
3.8
Low
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L |
A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine(), which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the downward metrics virtio-serial device configured can write a continuous byte stream to the device, causing unbounded memory allocation in the virt-handler process until it is OOM-killed.
Fix
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat Openshift Virtualization 4