CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 3 days ago•5 views

CVE-2026-46316

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM for ARM64, specifically within the vgic-its component. This vulnerability occurs when multiple concurrent operations incorrectly drop the translation cache's reference to an entry more than once during cache invalidation. Thi...

7CVSS5.4AI score0.00018EPSS

NVD•added 3 days ago•5 views

CVE-2026-46317

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nestedmmus array behind mmulock kvm-arch.nestedmmus is walked under kvm-mmulock, including from the MMU notifier path kvmunmapgfnrange - kvmnesteds2unmap, which can run at any time. kvmvcpuinitnested...

0.00017EPSS

NVD•added 3 days ago•5 views

CVE-2026-46316

0.00018EPSS

OSV•added 3 days ago•3 views

UBUNTU-CVE-2026-46317

5.4AI score0.00017EPSS

CVE•added 3 days ago•17 views

CVE-2026-46317

The CVE pertains to the Linux kernel KVM on arm64. kvm->arch.nested_mmus[] could be walked under mmu_lock, while kvm_vcpu_init_nested() reallocates and frees the old buffer, risking dereferencing a freed array via the MMU notifier path. The fix moves allocation of the new array outside the loc...

5.6AI score0.00017EPSS

Positive Technologies•added 3 days ago•8 views

PT-2026-47754

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nested mmus array behind mmu lock kvm-arch.nested mmus is walked under kvm-mmu lock, including from the MMU notifier path kvm unmap gfn range - kvm nested s2 unmap, which can run at any time. kvm vcpu init...

5.6AI score0.00017EPSS

Tenable Nessus•added 3 days ago•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-46317

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: arm64: Reassign nestedmmus array behind mmulock kvm-arch.nestedmmus is walked under kvm-mmulock, including from the MMU notifier path kvmunmapgfnrange -...

5.7AI score0.00017EPSS

NVD•added 2026/05/28 10:16 a.m.•8 views

CVE-2026-46147

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix pin leak and publication ordering in pkvminitvcpu Two bugs exist in the vCPU initialisation path: 1. If a check fails after hyppinsharedmem succeeds, the cleanup path jumps to 'unlock' without calling unpinhostvcp...

5.5CVSS0.00013EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Avoid consuming a stale esr value when an SError occurs When any exception other than an IRQ occurs, the CPU updates the ESREL2 register with the exception syndrome. An SError may also become pending, and will be...

5.5CVSS5.3AI score0.00018EPSS

SUSE CVE•added 2026/05/13 3:35 a.m.•4 views

SUSE CVE-2026-43351

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Eagerly init vgic dist/redist on vgic creation If vgicallocateprivateirqslocked fails for any odd reason, we exit kvmvgiccreate early, leaving dist-rdregions uninitialised. kvmvgicdistdestroy then comes along and walk...

5.8AI score0.00015EPSS

OSV•added 2026/05/08 3:16 p.m.•2 views

UBUNTU-CVE-2026-43351

5.5CVSS5.7AI score0.00015EPSS

Exploits0References6

Debian CVE•added 2026/05/08 2:21 p.m.•6 views

CVE-2026-43351

5.5CVSS5.7AI score0.00015EPSS

Exploits0

CVE•added 2026/05/08 2:21 p.m.•16 views

CVE-2026-43351

The CVE-2026-43351 issue affects the Linux kernel’s KVM on arm64 when creating a virtual GIC. If vgic_allocate_private_irqs_locked() fails, kvm_vgic_create() can exit before vgic dist regions are initialised, and kvm_vgic_dist_destroy() may then attempt to free uninitialised data, risking a crash...

5.5CVSS5.8AI score0.00015EPSS

Exploits0References3Affected Software1

Tenable Nessus•added 2026/04/29 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2026-31553

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix the descriptor address in kvmatswapdesc Using u64 user hva + offset to get t...

8.8CVSS5.7AI score0.00017EPSS

EUVD•added 2026/04/24 2:35 p.m.•1 views

EUVD-2026-25446

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix the descriptor address in kvmatswapdesc Using "u64 user hva + offset" to get the virtual addresses of S1/S2 descriptors looks really wrong, if offset is not zero. What we want to get for swapping is hva + offset,...

5.3AI score0.00017EPSS

Debian CVE•added 2026/04/24 2:35 p.m.•1 views

CVE-2026-31553

8.8CVSS5.3AI score0.00017EPSS

Exploits0

EUVD•added 2026/04/03 3:30 p.m.•2 views

EUVD-2026-18647

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix ID register initialization for non-protected pKVM guests In protected mode, the hypervisor maintains a separate instance of the kvm structure for each VM. For non-protected VMs, this structure is initialized from...

5.8AI score0.00017EPSS