371 matches found
kernel: Linux kernel KVM: Privilege escalation or denial of service due to improper shadow page table entry handling
A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM component. A local attacker with privileges on the host system could exploit a vulnerability in how KVM handles shadow page table entries SPTEs during memory-mapped I/O MMIO operations. By manipulating guest page table entrie...
UBUNTU-CVE-2026-53342
In the Linux kernel, the following vulnerability has been resolved: arm64: mm: call pagetable dtor when freeing hot-removed page tables Since 5e8eb9aeeda3 "arm64: mm: always call PTE/PMD ctor in createpgdmapping" page-table allocation on ARM64 always calls pagetablepte,pmd,pud,p4dctor. This sets...
CVE-2026-53342
A flaw was found in the Linux kernel, specifically within the ARM64 architecture's memory management. This vulnerability occurs because the system fails to properly deallocate page tables that have been hot-removed, leading to memory leaks. This can result in incorrect memory usage statistics and...
CVE-2026-53312
In CVE-2026-53312, a Linux kernel iommu/riscv vulnerability is resolved: an integer overflow in the invalidation path could cause an infinite loop when handling sign-extended page tables (ULONG_MAX) during a gather/end computation. The fix moves the +1 away from the potentially overflowed compari...
Linux Distros Unpatched Vulnerability : CVE-2026-53109
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - powerpc/pgtable-frag: Fix bad page state in ptefragdestroy powerpc uses ptfragrefcount as a reference counter for tracking it's pte and pmd page table fragments...
CVE-2026-53057
The CVE-2026-53057 entry describes a Linux kernel IOMMU issue for RISCV: after updating DDT/PDT entries, the system must invalidate TLB and context cache entries. The fix adds riscv_iommu_iodir_iotinval() to perform the required IOTINVAL-based invalidations in accordance with the RISC-V IOMMU spe...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: drm/panthor: Fixed UAF issues on kernel BO VA nodes. If the MMU is down, panthorvmunmaprange might return an error. We expect the page table to still be updated; if the MMU is blocked, the rest of the GPU should also be blocke...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: IOMMU: Disable SVA when CONFIGX86 is set The patch series “Fix stale IOTLB entries for kernel address space”, version 7, proposes a fix for a security vulnerability related to IOMMU Shared Virtual Addressing SVA. In an SVA contex...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: arm64: Set UXN on swapper page tables This issue was accidentally fixed upstream via c3cee924bd85 "arm64: head: cover the entire kernel image in the initial ID map", as part of a major refactoring of the arm64 boot process. This...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: MIPS: pgalloc: fixed a memory leak caused by pgdfree The pgd page is freed by the generic implementation pgdfree since commit f9cb654cb550 „asm-generic: pgalloc: provides a generic pgdfree”, however, there are scenarios in which...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: PTEs are reset when using close, especially for entries protected by wr. The userfaultfd unregistration process includes a step to remove the wr-protect bits from all relevant pgtable entries. However, this only...
CVE-2026-34192
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an error path leading to UAF of GPU page tables. The vulnerability allows physical memory allocated for MMU page tables to be used after being freed. This was caused by an error path that would not...
CVE-2026-34192
CVE-2026-34192 affects GPU driver components (GPU DDK) where MMU page tables are freed without proper cleanup in an error path, allowing a non-privileged user to trigger use-after-free of physical memory. The issue is caused by _MMU_AllocLevel error recovery paths that leave dangling page table e...
CVE-2026-34192 GPU DDK - _MMU_AllocLevel error recovery paths leave dangling page table entries
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an error path leading to UAF of GPU page tables. The vulnerability allows physical memory allocated for MMU page tables to be used after being freed. This was caused by an error path that would not...
EUVD-2026-38001
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an error path leading to UAF of GPU page tables. The vulnerability allows physical memory allocated for MMU page tables to be used after being freed. This was caused by an error path that would not...
PT-2026-50865
Name of the Vulnerable Software and Affected Versions GPU DDK affected versions not specified Description Software run by a non-privileged user can execute improper GPU system calls to trigger an error path, resulting in a Use-After-Free UAF of GPU page tables. This occurs because an error recove...
ALPINE-CVE-2026-42488
Some shadow paging errors paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache...
CVE-2026-42488
Some shadow paging errors paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache...
CVE-2026-42488
CVE-2026-42488 concerns the Xen hypervisor. Some shadow paging error paths can switch page-tables without updating the running vCPU reference, causing a mismatch between loaded page-tables and mapcache metadata and potentially leading to mapcache corruption. Affected products/versions are implied...
EUVD-2026-37891
Some shadow paging errors paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache...