Impact
A flaw in the Linux kernel’s KVM memory handling incorrectly clears the XN (execute never) flag for certain pages when the FEAT_XNX feature is not enabled. The bug causes the kernel to unconditionally grant execute permissions to memory that should be non-executable, effectively allowing any process that can target that memory region to run code that was intended to be protected. This represents a CWE-266 flaw.
Affected Systems
The issue is limited to Linux kernel implementations that use KVM with arm64 architecture. Any host system running a kernel version containing the flawed code and configured without FEAT_XNX enables the vulnerability.
Risk and Exploitability
The EPSS score of < 1% indicates a very low but non-zero likelihood of exploitation, and the CVSS score of 8.8 classifies the vulnerability as high severity. The flaw is not listed in CISA KEV, so no publicly documented exploitations are known. An attacker with the ability to influence KVM memory mapping could potentially use the bug to execute arbitrary code within a guest or the host by subverting the XN bit handling.
OpenCVE Enrichment