Lucene search
K

393 matches found

RedHat Linux
RedHat Linux
added 5 days ago5 views

kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN

A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine x86 shadow paging mechanism. This use-after-free vulnerability arises from incorrect handling of Guest Frame Numbers GFNs when guest page tables are modified. A local attacker with control over a guest virtual machine could...

8.8CVSS5.9AI score0.00126EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/07/05 1:58 a.m.5 views

SUSE CVE-2026-53360

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the GHCB spec, when using GHCB v2+ require the software scratch area to reside in the GHCB's shared buffer. Note, things like Page State Change PSC requests rely...

6AI score0.00267EPSS
Exploits0References4
OSV
OSV
added 2026/07/04 12:17 p.m.6 views

UBUNTU-CVE-2026-53359

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad "KVM: x86: Fix shadow paging use-after-free due to unexpected GFN" fixed a shadow paging mismatch between stored and computed GFNs; the bug...

6AI score0.00176EPSS
Exploits3References10
Debian CVE
Debian CVE
added 2026/07/04 11:53 a.m.7 views

CVE-2026-53360

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the GHCB spec, when using GHCB v2+ require the software scratch area to reside in the GHCB's shared buffer. Note, things like Page State Change PSC requests rely...

6AI score0.00267EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/07/04 11:51 a.m.10 views

CVE-2026-53359

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad "KVM: x86: Fix shadow paging use-after-free due to unexpected GFN" fixed a shadow paging mismatch between stored and computed GFNs; the bug...

5.8AI score0.00176EPSS
Exploits3
CVE
CVE
added 2026/07/04 11:51 a.m.299 views

CVE-2026-53359

CVE-2026-53359 concerns the Linux kernel KVM/x86 shadow paging use-after-free caused by a mismatch in GFN handling when a PDE is modified to a non-leaf page. After the PDE change and memslot deletion, rmap entries tied to the GFN may not be removed, and kvm_mmu_page_get_gfn() can compute an incor...

5.8AI score0.00176EPSS
Exploits3References7
ATTACKERKB
ATTACKERKB
added 2026/07/01 1:32 p.m.6 views

CVE-2026-53345

In the Linux kernel, the following vulnerability has been resolved: KVM: Don't WARN if memory is dirtied without a vCPU when the VM is dying When marking a page dirty, complain about not having a running/loaded vCPU if and only if the VM is still alive, i.e. its refcount is non-zero. This will...

5.8AI score0.00156EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2026/07/01 1:32 p.m.6 views

CVE-2026-53345

In the Linux kernel, the following vulnerability has been resolved: KVM: Don't WARN if memory is dirtied without a vCPU when the VM is dying When marking a page dirty, complain about not having a running/loaded vCPU if and only if the VM is still alive, i.e. its refcount is non-zero. This will...

5.8AI score0.00156EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/26 2:7 a.m.8 views

SUSE CVE-2026-53277

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT emulation walks1 and kvmwalknesteds2 expect to be called while holding kvm-srcu to guard against memslot changes. While this is generally the case,...

8.8CVSS5.8AI score0.00114EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/25 9:48 p.m.8 views

CVE-2026-52969

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM component. A local attacker with access to /dev/kvm could exploit an integer overflow vulnerability in the kvmresetdirtygfn function. By manipulating dirty ring entries, the attacker can bypass a bounds check, leading to an...

7CVSS5.8AI score0.00147EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-52969

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: Reject wrapped offset in kvmresetdirtygfn kvmresetdirtygfn guards the gfn range with if !memslot || offset + flsmask = memslot-npages return; but offset is...

7CVSS6AI score0.00147EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 4:28 p.m.27 views

CVE-2026-52969 KVM: Reject wrapped offset in kvm_reset_dirty_gfn()

In the Linux kernel, the following vulnerability has been resolved: KVM: Reject wrapped offset in kvmresetdirtygfn kvmresetdirtygfn guards the gfn range with if !memslot || offset + flsmask = memslot-npages return; but offset is u64 and the addition is unchecked. The check can be silently bypasse...

0.00147EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATEBVi in the guest XSAVE state whenever XFDi=1 When loading the guest XSAVE state via KVMSETXSAVE, and when updating XFD in response to a guest WRMSR, the disabled features in XSTATEBV are cleared to ensure tha...

5.5CVSS5.9AI score0.00198EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: KVM: Do not corrupt the irqfd routing entry when deassigning an irqfd When deassigning a KVMIRQFD, do not corrupt the irqfd’s copy of the IRQ routing entry. Doing so will break the kvmarchirqbypassdelproducer function on x86 a...

7.8CVSS5.7AI score0.00124EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/09 5:17 p.m.11 views

CVE-2026-46317

A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine for arm64 architectures. An issue in the reallocation of the nestedmmus array allows a process to access freed memory. This memory corruption vulnerability could enable a local attacker to escalate privileges or cause a denia...

8.8CVSS5.5AI score0.0013EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2026/05/29 8:3 a.m.8 views

KVM: x86: check for nEPT/nNPT in slow flush hypercalls

...

5.5CVSS5.4AI score0.00127EPSS
Exploits0
OSV
OSV
added 2026/05/28 10:16 a.m.23 views

UBUNTU-CVE-2026-46147

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix pin leak and publication ordering in pkvminitvcpu Two bugs exist in the vCPU initialisation path: 1. If a check fails after hyppinsharedmem succeeds, the cleanup path jumps to 'unlock' without calling unpinhostvcp...

5.5CVSS5.7AI score0.00126EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/05/28 9:35 a.m.17 views

CVE-2026-46113

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN The shadow MMU computes GFNs for direct shadow pages using sp-gfn plus the SPTE index. This assumption breaks for shadow paging if the guest page tables are modifie...

8.8CVSS5.7AI score0.00126EPSS
Exploits0
CVE
CVE
added 2026/05/28 9:35 a.m.79 views

CVE-2026-46113

CVE-2026-46113 (Linux kernel KVM x86 shadow paging use-after-free) is a resolved vulnerability in the KVM shadow paging path. The issue arises when the shadow MMU computes GFNs for direct shadow pages using sp->gfn plus the SPTE index and guest page-table modifications between VM entries can c...

8.8CVSS5.7AI score0.00126EPSS
Exploits0References6Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/05/28 8:10 a.m.9 views

KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2

...

5.5CVSS5.4AI score0.00123EPSS
Exploits0
Rows per page
Query Builder