Out-of-bounds write in Linux kernel - CVE-2026-53360

 

Out-of-bounds write in Linux kernel - CVE-2026-53360

Published: July 7, 2026


Vulnerability identifier: #VU136963
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-53360
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to corrupt host kernel heap memory and disclose host heap layout information.

The vulnerability exists due to an out-of-bounds read and out-of-bounds write in KVM SEV handling in arch/x86/kvm/svm/sev.c when processing guest-controlled Page State Change requests with a scratch buffer allocated outside the GHCB shared buffer under GHCB v2+. A local user can supply crafted PSC metadata that causes the host to iterate past the allocated scratch buffer to corrupt host kernel heap memory and disclose host heap layout information.

Exploitation requires a malicious SEV-SNP guest, and the issue may also trigger use-after-free conditions across repeated VMGEXITs.


How to mitigate CVE-2026-53360

Install security update from vendor's repository.

Sources