Heap Corruption and Information Disclosure in Linux Kernel Virtualization
CVE-2026-53360
Key Information:
Badges
What is CVE-2026-53360?
A vulnerability exists in the Linux kernel related to KVM SEV-SNP that allows guest-controlled memory accesses to result in out-of-bounds reads and writes, leading to potential heap corruption and information disclosure. Specifically, the error arises when the guest sets parameters that exceed expected boundaries, causing the host to manipulate memory incorrectly. This vulnerability can lead to unauthorized access to sensitive information and manipulation of memory layout, posing significant security risks to systems relying on SR-IOV and SEV-SNP technologies. Exploiting this flaw allows attackers to read and write outside allocated memory regions, revealing valuable heap information, and could be leveraged to escalate further attacks.
Affected Version(s)
Linux 4af663c2f64a8d252e690c60cf8b8abf22dc2951
Linux 4af663c2f64a8d252e690c60cf8b8abf22dc2951
Linux 4af663c2f64a8d252e690c60cf8b8abf22dc2951
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.