Out-of-bounds write in Linux kernel - CVE-2026-52969

 


Published: June 25, 2026


Vulnerability identifier: #VU135406
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-52969
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software: Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to cause memory corruption.

The vulnerability exists due to an out-of-bounds write in kvm_reset_dirty_gfn() and the KVM dirty ring handling logic when processing rewritten dirty ring entries from a vcpu file descriptor. A local user can modify slot and offset fields in crafted dirty ring entries to cause memory corruption.

The issue is reachable from a process holding /dev/kvm and affects the legacy MMU path with shadow paging, allocated shadow roots, or a write-tracked slot.
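
The description above is an instance of CWE-787 driven by index fields that the other side of a shared ring can rewrite. The following is a simplified user-space model of the defensive pattern for that class, added here as an illustration; it is not kernel code and not the vendor's patch, and all `model_*` names, sizes and the slot layout are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODEL_MAX_SLOTS 4             /* assumed table size for the model */

struct model_dirty_gfn {              /* one ring entry; the peer may rewrite it */
    uint32_t flags;
    uint32_t slot;
    uint64_t offset;
};

struct model_memslot {
    uint64_t npages;                  /* 0 means the slot is not populated */
    uint8_t  write_protected[64];     /* one byte per page in this model */
};

/* Apply one ring entry. Returns 0 if applied, -1 if rejected. */
int model_reset_dirty_gfn(struct model_memslot *slots,
                          const volatile struct model_dirty_gfn *entry)
{
    /* Read each untrusted field once, then validate only the local copies,
       so a concurrent rewrite cannot change a value after it was checked. */
    uint32_t slot = entry->slot;
    uint64_t offset = entry->offset;

    if (slot >= MODEL_MAX_SLOTS)
        return -1;                    /* slot index outside the table */
    struct model_memslot *ms = &slots[slot];
    if (ms->npages == 0 || ms->npages > sizeof(ms->write_protected))
        return -1;                    /* unpopulated or inconsistent slot */
    if (offset >= ms->npages)
        return -1;                    /* page offset outside the slot */
    ms->write_protected[offset] = 1;  /* write is now provably in bounds */
    return 0;
}

/* Constructed sample: only slot 1 (8 pages) and slot 2 (64 pages) exist. */
int model_try(uint32_t slot, uint64_t offset)
{
    struct model_memslot slots[MODEL_MAX_SLOTS];
    memset(slots, 0, sizeof(slots));
    slots[1].npages = 8;
    slots[2].npages = 64;
    struct model_dirty_gfn e = { .flags = 0, .slot = slot, .offset = offset };
    return model_reset_dirty_gfn(slots, &e);
}

int main(void) { printf("%d %d\n", model_try(1, 7), model_try(1, 8)); return 0; }
```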


How to mitigate CVE-2026-52969

Install the security update from the vendor's repository.
