CVE-2026-23402

🗓️ 01 Apr 2026 09:16:00Reported by ubuntu.comType

Resolved KVM x86 memory management unit warning for overwriting shadow-present spte; applies only to direct memory management units.

Reporter	Title	Published	Views	Family All 17
ATTACKERKB	CVE-2026-23402	1 Apr 202608:36	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1746)	27 May 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-23402	2 Apr 202600:00	–	nessus
Amazon	Important: kernel6.18	26 May 202600:00	–	amazon
AstraLinux	Astra Linux - уязвимость в linux-5.10	20 May 202605:53	–	astralinux
CNNVD	Linux kernel 安全漏洞	1 Apr 202600:00	–	cnnvd
CVE	CVE-2026-23402	1 Apr 202608:36	–	cve
Cvelist	CVE-2026-23402 KVM: x86/mmu: Only WARN in direct MMUs when overwriting shadow-present SPTE	1 Apr 202608:36	–	cvelist
Debian CVE	CVE-2026-23402	1 Apr 202608:36	–	debiancve
EUVD	EUVD-2026-17830	1 Apr 202609:31	–	euvd

OS	OS Version	Architecture	Package	Filename
Ubuntu	25.10	any	linux	linux_0_any.deb
Ubuntu	24.04	any	linux-hwe-6.17	linux-hwe-6.17_0_any.deb
Ubuntu	25.10	any	linux-aws	linux-aws_0_any.deb
Ubuntu	24.04	any	linux-aws-6.17	linux-aws-6.17_0_any.deb
Ubuntu	25.10	any	linux-azure	linux-azure_0_any.deb
Ubuntu	24.04	any	linux-azure-6.17	linux-azure-6.17_0_any.deb
Ubuntu	25.10	any	linux-azure-fde	linux-azure-fde_0_any.deb
Ubuntu	24.04	any	linux-azure-fde-6.17	linux-azure-fde-6.17_0_any.deb
Ubuntu	25.10	any	linux-gcp	linux-gcp_0_any.deb
Ubuntu	24.04	any	linux-gcp-6.17	linux-gcp-6.17_0_any.deb

Source	Link
cve	www.cve.org/CVERecord
git	www.git.kernel.org/linus/df83746075778958954aa0460cca55f4b3fc9c02%20(7.0-rc6)
git	www.git.kernel.org/stable/c/df83746075778958954aa0460cca55f4b3fc9c02

23 May 2026 09:38Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.15.5

EPSS0.00007