SB20260625223 - Out-of-bounds write in Linux kernel coco sev-guest driver



SB20260625223 - Out-of-bounds write in Linux kernel coco sev-guest driver

Published: June 25, 2026

Security Bulletin ID SB20260625223
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Out-of-bounds write (CVE-ID: CVE-2026-52959)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause memory corruption.

The vulnerability exists due to improper handling of a host-controlled allocation size in get_ext_report() in the sev-guest driver when processing an extended guest request. A local user can provide a crafted length value through the host response to cause memory corruption.

The issue occurs in the cleanup path after the host reports an invalid buffer length and returns an expected certificate buffer size.


Remediation

Install update from vendor's website.