CVE-2026-53277
Analyzed Analyzed - Analysis Complete

KVM: arm64 SRCU Lock Missing in Page Table Walks

Vulnerability report for CVE-2026-53277, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-25

Last updated on: 2026-07-15

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT emulation walk_s1() and kvm_walk_nested_s2() expect to be called while holding kvm->srcu to guard against memslot changes. While this is generally the case, __kvm_at_s12() and __kvm_find_s1_desc_level() call into the respective walkers without taking kvm->srcu. Fix by acquiring kvm->srcu prior to the table walk in both instances.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-25
Last Modified
2026-07-15
Generated
2026-07-15
AI Q&A
2026-06-25
EPSS Evaluated
2026-07-14
NVD
EUVD

Affected Vendors & Products

Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel From 6.19 (inc) to 7.0.13 (exc)
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel From 6.12 (inc) to 6.18.36 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-820 The product utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource.
CWE-662 The product utilizes multiple threads, processes, components, or systems to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's KVM (Kernel-based Virtual Machine) for the arm64 architecture. Specifically, certain functions involved in page table walks during fault injection and address translation emulation do not properly acquire the SRCU lock (kvm->srcu) as expected. The functions walk_s1() and kvm_walk_nested_s2() require holding this lock to guard against changes in memory slots, but __kvm_at_s12() and __kvm_find_s1_desc_level() call these walkers without acquiring the lock. This can lead to unsafe conditions during page table walks.

The fix involves acquiring the SRCU lock (kvm->srcu) before performing the page table walk in these instances to ensure proper synchronization and prevent potential issues.

Mitigation Strategies

The vulnerability has been resolved by acquiring the kvm->srcu lock prior to page table walks in fault injection and AT emulation within the Linux kernel's KVM arm64 code.

To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.

Impact Analysis

This vulnerability involves improper locking in the Linux kernel's KVM subsystem for arm64 architectures, specifically related to page table walks during fault injection and address translation emulation. The issue arises because certain functions call page table walkers without holding the required SRCU lock, which is intended to guard against memory slot changes. This could potentially lead to race conditions or inconsistent memory state during virtualization operations.

The impact could include instability or incorrect behavior in virtualized environments running on affected Linux kernels, possibly leading to crashes or security issues related to memory management in KVM.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53277. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart