Description
In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT emulation

walk_s1() and kvm_walk_nested_s2() expect to be called while holding
kvm->srcu to guard against memslot changes. While this is generally
the case, __kvm_at_s12() and __kvm_find_s1_desc_level() call into the
respective walkers without taking kvm->srcu.

Fix by acquiring kvm->srcu prior to the table walk in both instances.
Published: 2026-06-25
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability stems from the Linux kernel’s KVM subsystem on arm64, where page table walks in fault injection and AT emulation are performed without acquiring the necessary SRCU lock. The result is an unchecked race condition that can corrupt memory, leading to kernel panics or other unstable states. The weakness is a concurrency issue involving shared memory protection as defined by CWE‑820, allowing an attacker to manipulate shared data structures concurrently.

Affected Systems

All Linux kernel arm64 builds that implement the KVM virtualization path prior to the fix in commit 97706097f9b851cfe55c3b00b083dfc2bcf542bc. The issue specifically affects the kvm_walk_nested_s2() and walk_s1() functions when used by __kvm_at_s12() and __kvm_find_s1_desc_level() without holding the kvm->srcu lock.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity vulnerability, while the EPSS score of <1% suggests a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog, indicating no known large‑scale exploitation. The likely attack vector involves a malicious guest or a user with sufficient privileges to trigger fault injection or AT emulation in KVM, potentially leading to arbitrary memory corruption or a denial‑of‑service condition. As it is a concurrency issue, the success of an exploit depends on precise timing and the ability to force the kernel to perform the problematic page table walks.

Generated by OpenCVE AI on June 28, 2026 at 14:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch that acquires kvm->srcu before page table walks (commit 97706097f9b851cfe55c3b00b083dfc2bcf542bc), which addresses the race condition and concurrent modification (CWE‑820).
  • Upgrade to the latest Linux kernel version released by your vendor that contains this fix.
  • Disable or restrict fault injection and AT emulation features in KVM if they are not needed, to reduce exposure to this concurrency issue.

Generated by OpenCVE AI on June 28, 2026 at 14:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 28 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-410

Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


Fri, 26 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-820
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Important


Thu, 25 Jun 2026 12:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-410

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT emulation walk_s1() and kvm_walk_nested_s2() expect to be called while holding kvm->srcu to guard against memslot changes. While this is generally the case, __kvm_at_s12() and __kvm_find_s1_desc_level() call into the respective walkers without taking kvm->srcu. Fix by acquiring kvm->srcu prior to the table walk in both instances.
Title KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT emulation
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-07-15T00:44:27.450Z

Reserved: 2026-06-09T07:44:35.395Z

Link: CVE-2026-53277

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-53277 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-28T14:15:08Z

Weaknesses