{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-13322","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","state":"PUBLISHED","assignerShortName":"redhat","dateReserved":"2026-06-25T08:58:54.983Z","datePublished":"2026-06-26T00:04:07.651Z","dateUpdated":"2026-06-26T13:39:15.504Z"},"containers":{"cna":{"title":"Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial readline in virt-handler causes oom denial of service","metrics":[{"other":{"content":{"value":"Low","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"LOW","baseScore":3.8,"baseSeverity":"LOW","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L","version":"3.1"},"format":"CVSS"}],"descriptions":[{"lang":"en","value":"A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine(), which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the downward metrics virtio-serial device configured can write a continuous byte stream to the device, causing unbounded memory allocation in the virt-handler process until it is OOM-killed."}],"affected":[{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"container-native-virtualization/virt-handler","defaultStatus":"affected","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"container-native-virtualization/virt-handler-rhel9","defaultStatus":"affected","cpes":["cpe:/a:redhat:container_native_virtualization:4"]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-13322","tags":["vdb-entry","x_refsource_REDHAT"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2492681","name":"RHBZ#2492681","tags":["issue-tracking","x_refsource_REDHAT"]}],"datePublic":"2026-06-25T00:00:00.000Z","problemTypes":[{"descriptions":[{"cweId":"CWE-770","description":"Allocation of Resources Without Limits or Throttling","lang":"en","type":"CWE"}]}],"x_redhatCweChain":"CWE-770: Allocation of Resources Without Limits or Throttling","workarounds":[{"lang":"en","value":"The downward metrics virtio-serial device must be explicitly added to a VM's specification to be present. Clusters that do not use this feature are not exposed. To reduce exposure, administrators can restrict the ability to configure downward metrics devices on tenant VMs by using an admission webhook or policy controller such as Gatekeeper/OPA."}],"timeline":[{"lang":"en","time":"2026-06-25T00:00:00.000Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-06-25T00:00:00.000Z","value":"Made public."}],"credits":[{"lang":"en","value":"This issue was discovered by Huzaifa Sidhpurwala (Red Hat)."}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2026-06-26T00:04:07.651Z"},"x_generator":{"engine":"cvelib 1.8.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-06-26T13:39:04.943661Z","id":"CVE-2026-13322","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-06-26T13:39:15.504Z"}}]}}