Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-53345 (GCVE-0-2026-53345)
Vulnerability from cvelistv5 – Published: 2026-07-01 13:32 – Updated: 2026-07-01 13:32| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 033d39e41fc30f484f4e4f37fb4cd76b12cbb18e
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 66a8e7ddd901023c89a2733494d827eca3f9c1b0 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 343e95c8ecc40e0738975ef4ee24c0c35e800e6b (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 99d7d43784ae3235026581e9bf892c036e04c8e6 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 8618004d3e897c0f1b71d9a9ab860461289bb89a (git) Affected: 0 , < 6.6.143 (semver) Affected: 0 , < 6.12.94 (semver) Affected: 0 , < 6.18.36 (semver) Affected: 0 , < 7.0.13 (semver) |
|
| Linux | Linux |
Unaffected:
6.6.143 , ≤ 6.6.*
(semver)
Unaffected: 6.12.94 , ≤ 6.12.* (semver) Unaffected: 6.18.36 , ≤ 6.18.* (semver) Unaffected: 7.0.13 , ≤ 7.0.* (semver) Unaffected: 7.1 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"virt/kvm/kvm_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "033d39e41fc30f484f4e4f37fb4cd76b12cbb18e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "66a8e7ddd901023c89a2733494d827eca3f9c1b0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "343e95c8ecc40e0738975ef4ee24c0c35e800e6b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "99d7d43784ae3235026581e9bf892c036e04c8e6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8618004d3e897c0f1b71d9a9ab860461289bb89a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6.6.143",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "6.12.94",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "6.18.36",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "7.0.13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"virt/kvm/kvm_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.143",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.94",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.*",
"status": "unaffected",
"version": "7.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Don\u0027t WARN if memory is dirtied without a vCPU when the VM is dying\n\nWhen marking a page dirty, complain about not having a running/loaded vCPU\nif and only if the VM is still alive, i.e. its refcount is non-zero. This\nwill allow fixing a memory leak for x86 SEV-ES guests without hitting what\nis effectively a false positive on the WARN.\n\nFor some SEV-ES VM-Exits, KVM keeps a writable mapping of a guest page\nacross an exit to userspace, and typically unmaps the page on the next\nKVM_RUN. But if userspace never calls KVM_RUN after such an exit, then KVM\nneeds to unmap the page when the vCPU is destroyed, which in turn triggers\nthe WARN about not having a running vCPU.\n\nAlternatively, SEV-ES could temporarily load the vCPU to suppress the WARN,\nas is done in nested_vmx_free_vcpu() (but for completely unrelated reasons;\nsuppressing WARN from nested_put_vmcs12_pages() is pure happenstance). But\nloading a vCPU during destruction is gross (ideally nVMX code would be\ncleaned up), risks complicating the SEV-ES code (KVM would need to ensure\nthe temporarily load()+put() only runs when the vCPU isn\u0027t already loaded),\nand is ultimately pointless.\n\nThe motivation for the WARN is to guard against KVM dirtying guest memory\nwithout pushing the corresponding GFN to the active vCPU\u0027s dirty ring, e.g.\nto ensure userspace doesn\u0027t miss a dirty page. But for the VM\u0027s refcount\nto reach zero, there can\u0027t be _any_ userspace mappings to the dirty ring,\nas mapping the dirty ring requires doing mmap() on the vCPU FD. I.e. if\nuserspace had a valid mapping for the dirty ring, then the vCPU file and\nthus the owning VM would still be alive. And so since userspace can\u0027t\npossibly reach the dirty ring, whether or not KVM technically \"misses\" a\npush to the dirty ring is irrelevant."
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T13:32:25.098Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/033d39e41fc30f484f4e4f37fb4cd76b12cbb18e"
},
{
"url": "https://git.kernel.org/stable/c/66a8e7ddd901023c89a2733494d827eca3f9c1b0"
},
{
"url": "https://git.kernel.org/stable/c/343e95c8ecc40e0738975ef4ee24c0c35e800e6b"
},
{
"url": "https://git.kernel.org/stable/c/99d7d43784ae3235026581e9bf892c036e04c8e6"
},
{
"url": "https://git.kernel.org/stable/c/8618004d3e897c0f1b71d9a9ab860461289bb89a"
}
],
"title": "KVM: Don\u0027t WARN if memory is dirtied without a vCPU when the VM is dying",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-53345",
"datePublished": "2026-07-01T13:32:25.098Z",
"dateReserved": "2026-06-09T07:44:35.399Z",
"dateUpdated": "2026-07-01T13:32:25.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-53345",
"date": "2026-07-02",
"epss": "0.00156",
"percentile": "0.05205"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-53345\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-07-01T14:16:42.573\",\"lastModified\":\"2026-07-01T14:16:42.573\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nKVM: Don\u0027t WARN if memory is dirtied without a vCPU when the VM is dying\\n\\nWhen marking a page dirty, complain about not having a running/loaded vCPU\\nif and only if the VM is still alive, i.e. its refcount is non-zero. This\\nwill allow fixing a memory leak for x86 SEV-ES guests without hitting what\\nis effectively a false positive on the WARN.\\n\\nFor some SEV-ES VM-Exits, KVM keeps a writable mapping of a guest page\\nacross an exit to userspace, and typically unmaps the page on the next\\nKVM_RUN. But if userspace never calls KVM_RUN after such an exit, then KVM\\nneeds to unmap the page when the vCPU is destroyed, which in turn triggers\\nthe WARN about not having a running vCPU.\\n\\nAlternatively, SEV-ES could temporarily load the vCPU to suppress the WARN,\\nas is done in nested_vmx_free_vcpu() (but for completely unrelated reasons;\\nsuppressing WARN from nested_put_vmcs12_pages() is pure happenstance). But\\nloading a vCPU during destruction is gross (ideally nVMX code would be\\ncleaned up), risks complicating the SEV-ES code (KVM would need to ensure\\nthe temporarily load()+put() only runs when the vCPU isn\u0027t already loaded),\\nand is ultimately pointless.\\n\\nThe motivation for the WARN is to guard against KVM dirtying guest memory\\nwithout pushing the corresponding GFN to the active vCPU\u0027s dirty ring, e.g.\\nto ensure userspace doesn\u0027t miss a dirty page. But for the VM\u0027s refcount\\nto reach zero, there can\u0027t be _any_ userspace mappings to the dirty ring,\\nas mapping the dirty ring requires doing mmap() on the vCPU FD. I.e. if\\nuserspace had a valid mapping for the dirty ring, then the vCPU file and\\nthus the owning VM would still be alive. And so since userspace can\u0027t\\npossibly reach the dirty ring, whether or not KVM technically \\\"misses\\\" a\\npush to the dirty ring is irrelevant.\"}],\"affected\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"affectedData\":[{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"unaffected\",\"programFiles\":[\"virt/kvm/kvm_main.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"033d39e41fc30f484f4e4f37fb4cd76b12cbb18e\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"66a8e7ddd901023c89a2733494d827eca3f9c1b0\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"343e95c8ecc40e0738975ef4ee24c0c35e800e6b\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"99d7d43784ae3235026581e9bf892c036e04c8e6\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"8618004d3e897c0f1b71d9a9ab860461289bb89a\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"6.6.143\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"6.12.94\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"6.18.36\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"7.0.13\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"affected\",\"programFiles\":[\"virt/kvm/kvm_main.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"6.6.143\",\"lessThanOrEqual\":\"6.6.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.12.94\",\"lessThanOrEqual\":\"6.12.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.18.36\",\"lessThanOrEqual\":\"6.18.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"7.0.13\",\"lessThanOrEqual\":\"7.0.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"7.1\",\"lessThanOrEqual\":\"*\",\"versionType\":\"original_commit_for_fix\",\"status\":\"unaffected\"}]}]}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/033d39e41fc30f484f4e4f37fb4cd76b12cbb18e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/343e95c8ecc40e0738975ef4ee24c0c35e800e6b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/66a8e7ddd901023c89a2733494d827eca3f9c1b0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8618004d3e897c0f1b71d9a9ab860461289bb89a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/99d7d43784ae3235026581e9bf892c036e04c8e6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
FKIE_CVE-2026-53345
Vulnerability from fkie_nvd - Published: 2026-07-01 14:16 - Updated: 2026-07-01 14:16| Vendor | Product | Version |
|---|
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"virt/kvm/kvm_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "033d39e41fc30f484f4e4f37fb4cd76b12cbb18e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "66a8e7ddd901023c89a2733494d827eca3f9c1b0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "343e95c8ecc40e0738975ef4ee24c0c35e800e6b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "99d7d43784ae3235026581e9bf892c036e04c8e6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8618004d3e897c0f1b71d9a9ab860461289bb89a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6.6.143",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "6.12.94",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "6.18.36",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "7.0.13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"virt/kvm/kvm_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.143",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.94",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.*",
"status": "unaffected",
"version": "7.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Don\u0027t WARN if memory is dirtied without a vCPU when the VM is dying\n\nWhen marking a page dirty, complain about not having a running/loaded vCPU\nif and only if the VM is still alive, i.e. its refcount is non-zero. This\nwill allow fixing a memory leak for x86 SEV-ES guests without hitting what\nis effectively a false positive on the WARN.\n\nFor some SEV-ES VM-Exits, KVM keeps a writable mapping of a guest page\nacross an exit to userspace, and typically unmaps the page on the next\nKVM_RUN. But if userspace never calls KVM_RUN after such an exit, then KVM\nneeds to unmap the page when the vCPU is destroyed, which in turn triggers\nthe WARN about not having a running vCPU.\n\nAlternatively, SEV-ES could temporarily load the vCPU to suppress the WARN,\nas is done in nested_vmx_free_vcpu() (but for completely unrelated reasons;\nsuppressing WARN from nested_put_vmcs12_pages() is pure happenstance). But\nloading a vCPU during destruction is gross (ideally nVMX code would be\ncleaned up), risks complicating the SEV-ES code (KVM would need to ensure\nthe temporarily load()+put() only runs when the vCPU isn\u0027t already loaded),\nand is ultimately pointless.\n\nThe motivation for the WARN is to guard against KVM dirtying guest memory\nwithout pushing the corresponding GFN to the active vCPU\u0027s dirty ring, e.g.\nto ensure userspace doesn\u0027t miss a dirty page. But for the VM\u0027s refcount\nto reach zero, there can\u0027t be _any_ userspace mappings to the dirty ring,\nas mapping the dirty ring requires doing mmap() on the vCPU FD. I.e. if\nuserspace had a valid mapping for the dirty ring, then the vCPU file and\nthus the owning VM would still be alive. And so since userspace can\u0027t\npossibly reach the dirty ring, whether or not KVM technically \"misses\" a\npush to the dirty ring is irrelevant."
}
],
"id": "CVE-2026-53345",
"lastModified": "2026-07-01T14:16:42.573",
"metrics": {},
"published": "2026-07-01T14:16:42.573",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/033d39e41fc30f484f4e4f37fb4cd76b12cbb18e"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/343e95c8ecc40e0738975ef4ee24c0c35e800e6b"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/66a8e7ddd901023c89a2733494d827eca3f9c1b0"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/8618004d3e897c0f1b71d9a9ab860461289bb89a"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/99d7d43784ae3235026581e9bf892c036e04c8e6"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Received"
}
GHSA-M28W-5Q4V-5M48
Vulnerability from github – Published: 2026-07-01 15:35 – Updated: 2026-07-01 15:35In the Linux kernel, the following vulnerability has been resolved:
KVM: Don't WARN if memory is dirtied without a vCPU when the VM is dying
When marking a page dirty, complain about not having a running/loaded vCPU if and only if the VM is still alive, i.e. its refcount is non-zero. This will allow fixing a memory leak for x86 SEV-ES guests without hitting what is effectively a false positive on the WARN.
For some SEV-ES VM-Exits, KVM keeps a writable mapping of a guest page across an exit to userspace, and typically unmaps the page on the next KVM_RUN. But if userspace never calls KVM_RUN after such an exit, then KVM needs to unmap the page when the vCPU is destroyed, which in turn triggers the WARN about not having a running vCPU.
Alternatively, SEV-ES could temporarily load the vCPU to suppress the WARN, as is done in nested_vmx_free_vcpu() (but for completely unrelated reasons; suppressing WARN from nested_put_vmcs12_pages() is pure happenstance). But loading a vCPU during destruction is gross (ideally nVMX code would be cleaned up), risks complicating the SEV-ES code (KVM would need to ensure the temporarily load()+put() only runs when the vCPU isn't already loaded), and is ultimately pointless.
The motivation for the WARN is to guard against KVM dirtying guest memory without pushing the corresponding GFN to the active vCPU's dirty ring, e.g. to ensure userspace doesn't miss a dirty page. But for the VM's refcount to reach zero, there can't be any userspace mappings to the dirty ring, as mapping the dirty ring requires doing mmap() on the vCPU FD. I.e. if userspace had a valid mapping for the dirty ring, then the vCPU file and thus the owning VM would still be alive. And so since userspace can't possibly reach the dirty ring, whether or not KVM technically "misses" a push to the dirty ring is irrelevant.
{
"affected": [],
"aliases": [
"CVE-2026-53345"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-01T14:16:42Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Don\u0027t WARN if memory is dirtied without a vCPU when the VM is dying\n\nWhen marking a page dirty, complain about not having a running/loaded vCPU\nif and only if the VM is still alive, i.e. its refcount is non-zero. This\nwill allow fixing a memory leak for x86 SEV-ES guests without hitting what\nis effectively a false positive on the WARN.\n\nFor some SEV-ES VM-Exits, KVM keeps a writable mapping of a guest page\nacross an exit to userspace, and typically unmaps the page on the next\nKVM_RUN. But if userspace never calls KVM_RUN after such an exit, then KVM\nneeds to unmap the page when the vCPU is destroyed, which in turn triggers\nthe WARN about not having a running vCPU.\n\nAlternatively, SEV-ES could temporarily load the vCPU to suppress the WARN,\nas is done in nested_vmx_free_vcpu() (but for completely unrelated reasons;\nsuppressing WARN from nested_put_vmcs12_pages() is pure happenstance). But\nloading a vCPU during destruction is gross (ideally nVMX code would be\ncleaned up), risks complicating the SEV-ES code (KVM would need to ensure\nthe temporarily load()+put() only runs when the vCPU isn\u0027t already loaded),\nand is ultimately pointless.\n\nThe motivation for the WARN is to guard against KVM dirtying guest memory\nwithout pushing the corresponding GFN to the active vCPU\u0027s dirty ring, e.g.\nto ensure userspace doesn\u0027t miss a dirty page. But for the VM\u0027s refcount\nto reach zero, there can\u0027t be _any_ userspace mappings to the dirty ring,\nas mapping the dirty ring requires doing mmap() on the vCPU FD. I.e. if\nuserspace had a valid mapping for the dirty ring, then the vCPU file and\nthus the owning VM would still be alive. And so since userspace can\u0027t\npossibly reach the dirty ring, whether or not KVM technically \"misses\" a\npush to the dirty ring is irrelevant.",
"id": "GHSA-m28w-5q4v-5m48",
"modified": "2026-07-01T15:35:19Z",
"published": "2026-07-01T15:35:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53345"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/033d39e41fc30f484f4e4f37fb4cd76b12cbb18e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/343e95c8ecc40e0738975ef4ee24c0c35e800e6b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/66a8e7ddd901023c89a2733494d827eca3f9c1b0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8618004d3e897c0f1b71d9a9ab860461289bb89a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/99d7d43784ae3235026581e9bf892c036e04c8e6"
}
],
"schema_version": "1.4.0",
"severity": []
}
MSRC_CVE-2026-53345
Vulnerability from csaf_microsoft - Published: 2026-07-02 00:00 - Updated: 2026-07-02 14:43| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-1 | — |
None Available
|
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-53345 KVM: Don\u0027t WARN if memory is dirtied without a vCPU when the VM is dying - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-53345.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "KVM: Don\u0027t WARN if memory is dirtied without a vCPU when the VM is dying",
"tracking": {
"current_release_date": "2026-07-02T14:43:46.000Z",
"generator": {
"date": "2026-07-03T07:57:14.450Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-53345",
"initial_release_date": "2026-07-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-07-02T01:03:18.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-07-02T14:43:46.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "azl3 kernel 0:6.6.143.1-1.azl3",
"product": {
"name": "azl3 kernel 0:6.6.143.1-1.azl3",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "kernel"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kernel 0:6.6.143.1-1.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-53345",
"notes": [
{
"category": "general",
"text": "Linux",
"title": "Assigning CNA"
}
],
"product_status": {
"known_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-53345 KVM: Don\u0027t WARN if memory is dirtied without a vCPU when the VM is dying - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-53345.json"
}
],
"remediations": [
{
"category": "none_available",
"date": "2026-07-02T01:03:18.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-1"
]
}
],
"title": "KVM: Don\u0027t WARN if memory is dirtied without a vCPU when the VM is dying"
}
]
}
WID-SEC-W-2026-2175
Vulnerability from csaf_certbund - Published: 2026-07-01 22:00 - Updated: 2026-07-02 22:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren, darunter m\u00f6glicherweise das Ausl\u00f6sen eines Denial-of-Service-Zustands, die Umgehung von Sicherheitsma\u00dfnahmen oder das Verursachen von Speicherbesch\u00e4digungen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-2175 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-2175.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-2175 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2175"
},
{
"category": "external",
"summary": "Kernel CVE Announce Mailingliste",
"url": "https://lore.kernel.org/linux-cve-announce/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53326",
"url": "https://lore.kernel.org/linux-cve-announce/2026070140-CVE-2026-53326-8836@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53327",
"url": "https://lore.kernel.org/linux-cve-announce/2026070141-CVE-2026-53327-9db6@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53328",
"url": "https://lore.kernel.org/linux-cve-announce/2026070142-CVE-2026-53328-d155@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53329",
"url": "https://lore.kernel.org/linux-cve-announce/2026070142-CVE-2026-53329-ccf5@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53330",
"url": "https://lore.kernel.org/linux-cve-announce/2026070142-CVE-2026-53330-0e20@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53331",
"url": "https://lore.kernel.org/linux-cve-announce/2026070142-CVE-2026-53331-4674@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53332",
"url": "https://lore.kernel.org/linux-cve-announce/2026070142-CVE-2026-53332-639c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53333",
"url": "https://lore.kernel.org/linux-cve-announce/2026070143-CVE-2026-53333-082a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53334",
"url": "https://lore.kernel.org/linux-cve-announce/2026070143-CVE-2026-53334-4d11@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53335",
"url": "https://lore.kernel.org/linux-cve-announce/2026070143-CVE-2026-53335-6f05@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53336",
"url": "https://lore.kernel.org/linux-cve-announce/2026070143-CVE-2026-53336-0ae1@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53337",
"url": "https://lore.kernel.org/linux-cve-announce/2026070143-CVE-2026-53337-f2ec@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53338",
"url": "https://lore.kernel.org/linux-cve-announce/2026070144-CVE-2026-53338-59eb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53339",
"url": "https://lore.kernel.org/linux-cve-announce/2026070144-CVE-2026-53339-909c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53340",
"url": "https://lore.kernel.org/linux-cve-announce/2026070144-CVE-2026-53340-a78c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53341",
"url": "https://lore.kernel.org/linux-cve-announce/2026070144-CVE-2026-53341-64ff@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53342",
"url": "https://lore.kernel.org/linux-cve-announce/2026070144-CVE-2026-53342-cd87@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53343",
"url": "https://lore.kernel.org/linux-cve-announce/2026070144-CVE-2026-53343-e76a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53344",
"url": "https://lore.kernel.org/linux-cve-announce/2026070145-CVE-2026-53344-231c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53345",
"url": "https://lore.kernel.org/linux-cve-announce/2026070145-CVE-2026-53345-77f7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53346",
"url": "https://lore.kernel.org/linux-cve-announce/2026070145-CVE-2026-53346-3a6d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53347",
"url": "https://lore.kernel.org/linux-cve-announce/2026070145-CVE-2026-53347-da0e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53348",
"url": "https://lore.kernel.org/linux-cve-announce/2026070145-CVE-2026-53348-4872@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53349",
"url": "https://lore.kernel.org/linux-cve-announce/2026070146-CVE-2026-53349-a347@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53350",
"url": "https://lore.kernel.org/linux-cve-announce/2026070146-CVE-2026-53350-dcd9@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53351",
"url": "https://lore.kernel.org/linux-cve-announce/2026070146-CVE-2026-53351-ca54@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53352",
"url": "https://lore.kernel.org/linux-cve-announce/2026070146-CVE-2026-53352-7327@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53353",
"url": "https://lore.kernel.org/linux-cve-announce/2026070146-CVE-2026-53353-ed67@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53354",
"url": "https://lore.kernel.org/linux-cve-announce/2026070147-CVE-2026-53354-f606@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53355",
"url": "https://lore.kernel.org/linux-cve-announce/2026070147-CVE-2026-53355-c555@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-53356",
"url": "https://lore.kernel.org/linux-cve-announce/2026070147-CVE-2026-53356-0d5f@gregkh/"
},
{
"category": "external",
"summary": "Microsoft Security Update Guide vom 2026-07-03",
"url": "https://msrc.microsoft.com/update-guide/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:34911 vom 2026-07-02",
"url": "https://access.redhat.com/errata/RHSA-2026:34911"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-07-02T22:00:00.000+00:00",
"generator": {
"date": "2026-07-03T06:50:58.380+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-2175",
"initial_release_date": "2026-07-01T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-07-01T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-07-02T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "azl3",
"product": {
"name": "Microsoft Azure Linux azl3",
"product_id": "T049210",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3"
}
}
}
],
"category": "product_name",
"name": "Azure Linux"
}
],
"category": "vendor",
"name": "Microsoft"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T056110",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-10263",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2025-10263"
},
{
"cve": "CVE-2026-53326",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53326"
},
{
"cve": "CVE-2026-53327",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53327"
},
{
"cve": "CVE-2026-53328",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53328"
},
{
"cve": "CVE-2026-53329",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53329"
},
{
"cve": "CVE-2026-53330",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53330"
},
{
"cve": "CVE-2026-53331",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53331"
},
{
"cve": "CVE-2026-53332",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53332"
},
{
"cve": "CVE-2026-53333",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53333"
},
{
"cve": "CVE-2026-53334",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53334"
},
{
"cve": "CVE-2026-53335",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53335"
},
{
"cve": "CVE-2026-53336",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53336"
},
{
"cve": "CVE-2026-53337",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53337"
},
{
"cve": "CVE-2026-53338",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53338"
},
{
"cve": "CVE-2026-53339",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53339"
},
{
"cve": "CVE-2026-53340",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53340"
},
{
"cve": "CVE-2026-53341",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53341"
},
{
"cve": "CVE-2026-53342",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53342"
},
{
"cve": "CVE-2026-53343",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53343"
},
{
"cve": "CVE-2026-53344",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53344"
},
{
"cve": "CVE-2026-53345",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53345"
},
{
"cve": "CVE-2026-53346",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53346"
},
{
"cve": "CVE-2026-53347",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53347"
},
{
"cve": "CVE-2026-53348",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53348"
},
{
"cve": "CVE-2026-53349",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53349"
},
{
"cve": "CVE-2026-53350",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53350"
},
{
"cve": "CVE-2026-53351",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53351"
},
{
"cve": "CVE-2026-53352",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53352"
},
{
"cve": "CVE-2026-53353",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53353"
},
{
"cve": "CVE-2026-53354",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53354"
},
{
"cve": "CVE-2026-53355",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53355"
},
{
"cve": "CVE-2026-53356",
"product_status": {
"known_affected": [
"67646",
"T049210",
"T056110"
]
},
"release_date": "2026-07-01T22:00:00.000+00:00",
"title": "CVE-2026-53356"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.