SB2026070737 - Out-of-bounds write in Linux kernel kvm svm
Published: July 7, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2026-53360)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to corrupt host kernel heap memory and disclose host heap layout information.
The vulnerability exists due to an out-of-bounds read and out-of-bounds write in KVM SEV handling in arch/x86/kvm/svm/sev.c when processing guest-controlled Page State Change requests with a scratch buffer allocated outside the GHCB shared buffer under GHCB v2+. A local user can supply crafted PSC metadata that causes the host to iterate past the allocated scratch buffer to corrupt host kernel heap memory and disclose host heap layout information.
Exploitation requires a malicious SEV-SNP guest, and the issue may also trigger use-after-free conditions across repeated VMGEXITs.
Remediation
Install update from vendor's website.