8.8
CVE-2026-53277
- EPSS 0.11%
- Veröffentlicht 25.06.2026 08:40:00
- Zuletzt bearbeitet 08.07.2026 04:00:04
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT emulation
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT emulation walk_s1() and kvm_walk_nested_s2() expect to be called while holding kvm->srcu to guard against memslot changes. While this is generally the case, __kvm_at_s12() and __kvm_find_s1_desc_level() call into the respective walkers without taking kvm->srcu. Fix by acquiring kvm->srcu prior to the table walk in both instances.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.12 < 6.18.36
Linux ≫ Linux Kernel Version >= 6.19 < 7.0.13
Linux ≫ Linux Kernel Version7.1 Updaterc1
Linux ≫ Linux Kernel Version7.1 Updaterc2
Linux ≫ Linux Kernel Version7.1 Updaterc3
Linux ≫ Linux Kernel Version7.1 Updaterc4
Linux ≫ Linux Kernel Version7.1 Updaterc5
Linux ≫ Linux Kernel Version7.1 Updaterc6
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.018 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 8.8 | 2 | 6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7 | 1 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-662 Improper Synchronization
The product utilizes multiple threads, processes, components, or systems to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.
CWE-820 Missing Synchronization
The product utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource.
https://git.kernel.org/stable/c/97706097f9b851cfe55c3b00b083dfc2bcf542bc
https://git.kernel.org/stable/c/ec42b4ed1b072ea2d03f086061aa67bad6d8de39
https://git.kernel.org/stable/c/f2ca45b50d4216c9cc7ffabf50d9ad1932209251
https://bugzilla.redhat.com/show_bug.cgi?id=2492725
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53277.json
https://access.redhat.com/security/cve/CVE-2026-53277