CVE-2026-53277 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT emulation walk_s1() and kvm_walk_nested_s2() expect to be called while holding kvm->srcu to guard against memslot changes. While this is generally the case, __kvm_at_s12() and __kvm_find_s1_desc_level() call into the respective walkers without taking kvm->srcu. Fix by acquiring kvm->srcu prior to the table walk in both instances.

PUBLISHED Reserved 2026-06-09 | Published 2026-06-25 | Updated 2026-06-25 | Assigner Linux

Product status

Default status

unaffected

be04cebf3e78874627dc1042991d5d504464a5cc (git) before 97706097f9b851cfe55c3b00b083dfc2bcf542bc

affected

be04cebf3e78874627dc1042991d5d504464a5cc (git) before ec42b4ed1b072ea2d03f086061aa67bad6d8de39

affected

be04cebf3e78874627dc1042991d5d504464a5cc (git) before f2ca45b50d4216c9cc7ffabf50d9ad1932209251

affected

Default status

affected

6.12

affected

Any version before 6.12

unaffected

6.18.36 (semver)

unaffected

7.0.13 (semver)

unaffected

7.1 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/97706097f9b851cfe55c3b00b083dfc2bcf542bc

git.kernel.org/...c/ec42b4ed1b072ea2d03f086061aa67bad6d8de39

git.kernel.org/...c/f2ca45b50d4216c9cc7ffabf50d9ad1932209251

cve.org (CVE-2026-53277)

nvd.nist.gov (CVE-2026-53277)

Download JSON

help @ threatint.eu