4 matches found
KVM: Reject wrapped offset in kvm_reset_dirty_gfn()
...
CVE-2026-52969 KVM: Reject wrapped offset in kvm_reset_dirty_gfn()
In the Linux kernel, the following vulnerability has been resolved: KVM: Reject wrapped offset in kvmresetdirtygfn kvmresetdirtygfn guards the gfn range with if !memslot || offset + flsmask = memslot-npages return; but offset is u64 and the addition is unchecked. The check can be silently bypasse...
CVE-2026-52969 KVM: Reject wrapped offset in kvm_reset_dirty_gfn()
In the Linux kernel, the following vulnerability has been resolved: KVM: Reject wrapped offset in kvmresetdirtygfn kvmresetdirtygfn guards the gfn range with if !memslot || offset + flsmask = memslot-npages return; but offset is u64 and the addition is unchecked. The check can be silently bypasse...
CVE-2026-52969
CVE-2026-52969 affects the Linux kernel KVM component. The vulnerability stems from an unchecked u64 addition in kvm_reset_dirty_gfn(), where the guard if (!memslot || (offset + __fls(mask)) >= memslot->npages) can be bypassed due to offset being 64‑bit. This can allow an out-of-bounds load...