Out-of-bounds write in Linux kernel - CVE-2026-53360
Published: July 7, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to corrupt host kernel heap memory and disclose host heap layout information.
The vulnerability exists due to an out-of-bounds read and out-of-bounds write in KVM SEV handling in arch/x86/kvm/svm/sev.c when processing guest-controlled Page State Change requests with a scratch buffer allocated outside the GHCB shared buffer under GHCB v2+. A local user can supply crafted PSC metadata that causes the host to iterate past the allocated scratch buffer to corrupt host kernel heap memory and disclose host heap layout information.
Exploitation requires a malicious SEV-SNP guest, and the issue may also trigger use-after-free conditions across repeated VMGEXITs.