SB2026070737 - Out-of-bounds write in Linux kernel kvm svm



SB2026070737 - Out-of-bounds write in Linux kernel kvm svm

Published: July 7, 2026

Security Bulletin ID SB2026070737
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Privilege escalation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Out-of-bounds write (CVE-ID: CVE-2026-53360)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to corrupt host kernel heap memory and disclose host heap layout information.

The vulnerability exists due to an out-of-bounds read and out-of-bounds write in KVM SEV handling in arch/x86/kvm/svm/sev.c when processing guest-controlled Page State Change requests with a scratch buffer allocated outside the GHCB shared buffer under GHCB v2+. A local user can supply crafted PSC metadata that causes the host to iterate past the allocated scratch buffer to corrupt host kernel heap memory and disclose host heap layout information.

Exploitation requires a malicious SEV-SNP guest, and the issue may also trigger use-after-free conditions across repeated VMGEXITs.


Remediation

Install update from vendor's website.