CVE-2026-13322
KubeVirt Downward Metrics Virtio-Serial Memory Exhaustion

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Red Hat, Inc.

Description
A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine(), which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the downward metrics virtio-serial device configured can write a continuous byte stream to the device, causing unbounded memory allocation in the virt-handler process until it is OOM-killed.
Affected Vendors & Products
Vendor   Product    Version / Range
redhat   kubevirt   virt-handler
CWE
CWE-770: The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Executive Summary

This vulnerability exists in KubeVirt's downward metrics virtio-serial server component within the virt-handler process. The server reads guest VM requests using a method that buffers input indefinitely until it encounters a newline character, without any limit on input length or read timeout.

A user with access to a VM guest configured with the downward metrics virtio-serial device can exploit this by sending a continuous stream of bytes without newlines. This causes the virt-handler process to allocate memory without bounds, eventually leading to the process being killed due to out-of-memory (OOM) conditions.

Impact Analysis

The primary impact of this vulnerability is a denial of service condition on the virt-handler process managing the VM. By causing unbounded memory allocation, an attacker can force the virt-handler to be OOM-killed, disrupting the management and operation of virtual machines.

This can lead to instability or downtime of virtualized environments relying on KubeVirt, potentially affecting availability of services running inside those VMs.

Detection Guidance

This vulnerability involves unbounded memory allocation in the virt-handler process caused by a VM guest writing a continuous byte stream without newlines to the downward-metrics virtio-serial channel.

To detect this issue on your system, monitor the memory usage of the virt-handler process for unusual or continuous growth that could indicate an ongoing exploit.

You can use commands such as:

  • top or htop to observe real-time memory usage of the virt-handler process.
  • ps aux --sort=-rss | grep virt-handler to check the memory consumption of the virt-handler process.
  • dmesg or journalctl -xe to look for OOM-killer logs related to virt-handler.
  • Review the virt-handler logs for errors or restarts around the time of the memory growth.

Mitigation Strategies

Immediate mitigation involves preventing a VM guest from sending continuous byte streams without newlines to the downward-metrics virtio-serial device, which causes unbounded memory allocation.

Since the vulnerability is in the virt-handler process reading from the downward metrics virtio-serial server, you should:

  • Update the virt-handler component to a version that includes the upstream fix, which wraps the reader in io.LimitedReader with a small cap and adds a per-read deadline to prevent indefinite buffering.
  • Restrict or monitor access to the downward metrics virtio-serial device from VM guests to prevent malicious or malformed input.
  • Consider applying resource limits or cgroups to the virt-handler process to limit memory usage until a patch is applied.