Heap Corruption and Information Disclosure in Linux Kernel Virtualization
CVE-2026-53360

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
4 July 2026

Badges

👾 Exploit Exists
🟡 Public PoC

What is CVE-2026-53360?

A vulnerability exists in the Linux kernel's KVM SEV-SNP code in which guest-controlled memory accesses can result in out-of-bounds reads and writes, leading to potential heap corruption and information disclosure. Specifically, the error arises when the guest sets parameters that exceed expected boundaries, causing the host to manipulate memory incorrectly. This can lead to unauthorized access to sensitive information and manipulation of memory layout, posing significant security risks to systems relying on SR-IOV and SEV-SNP technologies. Exploiting this flaw allows attackers to read and write outside allocated memory regions, revealing valuable heap information, and could be leveraged to escalate further attacks.

Affected Version(s)

Linux 4af663c2f64a8d252e690c60cf8b8abf22dc2951

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.

References

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
