Main Vulnerability Database Vulnerabilities #VU124778

Improper resource shutdown or release in Linux kernel - CVE-2026-23401

Published: April 1, 2026

Vulnerability identifier: #VU124778

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-23401

CWE-ID: CWE-404

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper handling of SPTE updates in KVM MMU when installing emulated MMIO SPTEs. A local user can trigger a page fault after host userspace modifies guest memory mappings to switch from memslot to emulated MMIO, leading to an attempt to mark an already present SPTE as MMIO, which results in a kernel warning and potential guest crash. A local user can send a specially crafted request to cause a denial of service.

The issue arises when KVM fails to drop the existing shadow-present SPTE before installing an MMIO SPTE, resulting in inconsistent MMU state and triggering a kernel warning that can crash the guest.

How to mitigate CVE-2026-23401

Install security update from vendor's repository.

Sources

https://git.kernel.org/stable/c/aad885e774966e97b675dfe928da164214a71605

Improper resource shutdown or release in Linux kernel - CVE-2026-23401

Detailed vulnerability description

How to mitigate CVE-2026-23401

Sources

Please verify you're human