Severity: High (CVSS 7)

Affected Systems: Linux Linux Kernel

Overview

KVM: x86: Fix shadow paging use-after-free due to unexpected role

A high vulnerability identified as CVE-2026-53359 has been disclosed.

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Fix shadow paging use-after-free due to unexpected role

Commit 0cb2af2ea66ad ("KVM: x86: Fix shadow paging use-after-free due
to unexpected GFN") fixed a shadow paging mismatch between stored and
computed GFNs; the bug could be triggered by changing a PDE mapping from
outside the guest, and then deleting a memslot. The rmap_remove()
call would miss entries created after the PDE change because the GFN
of the leaf SPTE does not match the GFN of the struct kvm_mmu_page.

A similar hole however remains if the modified PDE points to a non-leaf
page. In this case the gfn can be made to match, but the role does not
match: the original large 2MB page creates a kvm_mmu_page with direct=1,
while the new 4KB needs a kvm_mmu_page with direct=0. However,
kvm_mmu_get_child_sp() does not compare the role, and therefore reuses
the page.

The next step is installing a lea...

Risk

CVSS and CISA data indicate the following:

  • Review the OpenCVE and vendor advisory for exploit conditions and impact

OpenCVE Analysis

CVSS v4.0 N/ACVSS v3.1 7 HighCVSS v3.0 N/ACVSS v2 N/AKEV noEPSS yesSSVC no

  • OpenCVE title: KVM: x86: Fix shadow paging use-after-free due to unexpected role
  • Severity score: High (CVSS 7)
  • EPSS score: 0.00176
  • Weaknesses: CWE-825
Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
Confidentiality ImpactHigh
Integrity ImpactHigh
Availability ImpactHigh
Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Required Action

Review the OpenCVE detail page and linked vendor advisory, then apply the vendor-provided update or mitigation for the affected product.

Prioritize systems where the affected product is internet-facing, handles authentication, or runs with elevated privileges.

Verify Updates

Confirm whether your environment uses the affected product(s): Linux Linux Kernel.

After remediation, verify the installed version against the fixed or unaffected versions listed by the vendor.

Temporary Mitigation (if patch is not available)

Use the mitigation published by the vendor. If no vendor mitigation is available, reduce exposure to the affected product, restrict access to trusted users or networks, and increase monitoring until an update can be applied.

Recommendation

  • Use OpenCVE, vendor, and source references as the source of truth for affected versions and remediation
  • Patch or mitigate affected products after confirming exposure in your environment
  • Monitor affected systems for unusual activity until remediation is complete

Support

If you require assistance, please contact our support team.

Immediate action is strongly recommended to protect your infrastructure.

Source Details

Customer Responsibility and Backups

Before applying updates, mitigations, or configuration changes, customers should take and verify current backups or snapshots of affected systems.

Customers are responsible for managing their servers, validating their own backups, testing changes, and ensuring they can restore services if an update or mitigation causes an issue.



Tuesday, July 7, 2026

« Back