Use-after-free in Linux kernel - CVE-2026-53359
Published: July 7, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a use-after-free in the KVM x86 shadow paging logic when changing a PDE mapping from outside the guest and deleting a memslot. A local user can trigger stale rmap entries and subsequent dereference of a freed sptep to cause a denial of service.
The issue occurs when a modified PDE points to a non-leaf page, causing a role mismatch between reused shadow pages for large 2MB mappings and new 4KB mappings.
How to mitigate CVE-2026-53359
Sources
- https://git.kernel.org/stable/c/1ae7d5a6db6c190ce183e3098ca0e0846e14d462
- https://git.kernel.org/stable/c/2ad3afa40ac6aa340dada122f9abfa46c0a6eb35
- https://git.kernel.org/stable/c/5e470998a23e4c3d89ed24e8172cb22747e61efa
- https://git.kernel.org/stable/c/81ccda30b4e83d8f5cc4fd50503c44e3a33abfeb
- https://git.kernel.org/stable/c/9291654d69e08542de37755cebe4d5b02c3170d1
- https://git.kernel.org/stable/c/b1337aae5e194324e4810d561764e7793f8b3864
- http://www.openwall.com/lists/oss-security/2026/07/06/7