Vulnerability Details CVE-2026-53277
In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT emulation
walk_s1() and kvm_walk_nested_s2() expect to be called while holding
kvm->srcu to guard against memslot changes. While this is generally
the case, __kvm_at_s12() and __kvm_find_s1_desc_level() call into the
respective walkers without taking kvm->srcu.
Fix by acquiring kvm->srcu prior to the table walk in both instances.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 1.8%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2026-53277
-
cpe:2.3:o:linux:linux_kernel:6.19
-
cpe:2.3:o:linux:linux_kernel:6.19.1
-
cpe:2.3:o:linux:linux_kernel:6.19.10
-
cpe:2.3:o:linux:linux_kernel:6.19.11
-
cpe:2.3:o:linux:linux_kernel:6.19.12
-
cpe:2.3:o:linux:linux_kernel:6.19.13
-
cpe:2.3:o:linux:linux_kernel:6.19.14
-
cpe:2.3:o:linux:linux_kernel:6.19.3
-
cpe:2.3:o:linux:linux_kernel:6.19.4
-
cpe:2.3:o:linux:linux_kernel:6.19.6
-
cpe:2.3:o:linux:linux_kernel:6.19.7
-
cpe:2.3:o:linux:linux_kernel:6.19.8
-
cpe:2.3:o:linux:linux_kernel:6.19.9
-
cpe:2.3:o:linux:linux_kernel:7.0
-
cpe:2.3:o:linux:linux_kernel:7.0.1
-
cpe:2.3:o:linux:linux_kernel:7.0.10
-
cpe:2.3:o:linux:linux_kernel:7.0.11
-
cpe:2.3:o:linux:linux_kernel:7.0.12
-
cpe:2.3:o:linux:linux_kernel:7.0.2
-
cpe:2.3:o:linux:linux_kernel:7.0.3
-
cpe:2.3:o:linux:linux_kernel:7.0.4
-
cpe:2.3:o:linux:linux_kernel:7.0.5
-
cpe:2.3:o:linux:linux_kernel:7.0.6
-
cpe:2.3:o:linux:linux_kernel:7.0.7
-
cpe:2.3:o:linux:linux_kernel:7.0.8
-
cpe:2.3:o:linux:linux_kernel:7.0.9
-
cpe:2.3:o:linux:linux_kernel:7.1