SB20260625223 - Out-of-bounds write in Linux kernel coco sev-guest driver
Published: June 25, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2026-52959)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause memory corruption.
The vulnerability exists due to improper handling of a host-controlled allocation size in get_ext_report() in the sev-guest driver when processing an extended guest request. A local user can provide a crafted length value through the host response to cause memory corruption.
The issue occurs in the cleanup path after the host reports an invalid buffer length and returns an expected certificate buffer size.
Remediation
Install update from vendor's website.