Out-of-bounds write in Linux kernel - CVE-2026-52959
Published: June 25, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause memory corruption.
The vulnerability exists due to improper handling of a host-controlled allocation size in get_ext_report() in the sev-guest driver when processing an extended guest request. A local user can provide a crafted length value through the host response to cause memory corruption.
The issue occurs in the cleanup path after the host reports an invalid buffer length and returns an expected certificate buffer size.