Out-of-bounds write in Linux kernel - CVE-2026-52959

 

Out-of-bounds write in Linux kernel - CVE-2026-52959

Published: June 25, 2026


Vulnerability identifier: #VU135413
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-52959
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to cause memory corruption.

The vulnerability exists due to improper handling of a host-controlled allocation size in get_ext_report() in the sev-guest driver when processing an extended guest request. A local user can provide a crafted length value through the host response to cause memory corruption.

The issue occurs in the cleanup path after the host reports an invalid buffer length and returns an expected certificate buffer size.


How to mitigate CVE-2026-52959

Install security update from vendor's repository.

Sources