Race condition in Linux kernel - CVE-2026-53277
Published: June 26, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a race condition in arm64 KVM page table walk handling when performing fault injection and address translation emulation. A local user can trigger page table walks without the required SRCU protection to cause a denial of service.
The issue affects calls to __kvm_at_s12() and __kvm_find_s1_desc_level() that invoke nested stage-2 and stage-1 walkers without holding kvm->srcu.