CVE-2026-53181

Source
https://cve.org/CVERecord?id=CVE-2026-53181
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53181.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53181
Downstream
Related
Published
2026-06-25T08:38:55.994Z
Modified
2026-07-08T08:07:23.603248580Z
Summary
vsock/vmci: fix sk_ack_backlog leak on failed handshake
Details

In the Linux kernel, the following vulnerability has been resolved:

vsock/vmci: fix skackbacklog leak on failed handshake

When vmcitransportrecvconnectingserver() returns an error, vmcitransportrecvlisten() calls vsockremovepending() but never calls skacceptqremoved(). This leaves skack_backlog incremented permanently.

Repeated handshake failures (malformed packets, queue pair alloc failure, event subscribe failure) cause skackbacklog to climb toward skmaxack_backlog. Once it reaches the limit the listener permanently refuses all new connections with -ECONNREFUSED, a silent denial of service requiring a process restart to recover.

The two existing skacceptqremoved() calls in afvsock.c do not cover this path: line 764 checks vsockispending() which returns false after vsockremove_pending(), and line 1889 is only reached on successful accept().

Fix by balancing skacceptqadded() with skacceptqremoved() on the error path.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53181.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d021c344051af91f42c5ba9fdedc176740cbd238
Fixed
22c587aa3ab1ab5264daff3ec32136fd30436c13
Fixed
cf7090e255d74c4b61c51f8ede9fcacdd8393b5b
Fixed
ea0b03d52881c12a8c634ea0d6cbfa61cefdb488
Fixed
dfd853197615d322d3a88dbcab91fc0fd2096219
Fixed
bcb275626055df7f8f947f1a349754b4004d9a15
Fixed
ba9ad6015937a5e46ba1a31370e3efdec8abbdcc
Fixed
9698582a4dd9c4a05889d7db96d4c0edc9e69cac
Fixed
c05fa14db43ebef3bd862ca9d073981c0358b3f0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53181.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.9.0
Fixed
5.10.259
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.210
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.176
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.143
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.94
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.36
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.13

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53181.json"