CVE-2026-52959

Enriched by CISA
 

In the Linux kernel, the following vulnerability has been resolved:

virt: sev-guest: Do not use host-controlled page order in cleanup path

When issuing an extended guest request (SVM_VMGEXIT_EXT_GUEST_REQUEST), get_ext_report() allocates a buffer to retrieve a certificate blob from the host, keeping track of its size in report_req->certs_len.

However, the host may return SNP_GUEST_VMM_ERR_INVALID_LEN, indicating an invalid buffer size, as well as the expected length of such buffer. get_ext_report() subsequently updates report_req->certs_len with the host-controlled value, and cleans up the buffer by computing a page order from such value.

This is incorrect, as the host-provided length may not match the page order of the original allocation, potentially resulting in corruption in the page allocator.

Fix this by using alloc_pages_exact() instead, and reusing @npages to compute the size passed to free_pages_exact(). For consistency, also use @npages to compute the size when allocating the pages, even though this last change has no functional effect.
https://nvd.nist.gov/vuln/detail/CVE-2026-52959
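
An added illustration, not code from the kernel or from this record: a userspace C model of the cleanup mismatch the description explains, next to the npages-based cleanup that the fix relies on. The struct, the function names and the 4 KiB page size are assumptions, and the sample lengths are constructed.

```c
/* Userspace model, not kernel code: all names below are hypothetical. */
#include <stddef.h>
#include <stdio.h>

#define PAGE_SHIFT 12                 /* assumes 4 KiB pages */
#define PAGE_SIZE  (1UL << PAGE_SHIFT)

struct req_model {
    size_t certs_len;          /* overwritten with the host's value on INVALID_LEN */
    size_t npages;             /* fixed by the guest at allocation time */
    unsigned int alloc_order;  /* order the buffer was really allocated with */
};

/* Smallest order with (PAGE_SIZE << order) >= size, like the kernel's get_order(). */
static unsigned int model_get_order(size_t size)
{
    unsigned int order = 0;
    while ((PAGE_SIZE << order) < size)
        order++;
    return order;
}

/* Guest side: size the certificate buffer from the requested length. */
static void model_alloc(struct req_model *r, size_t certs_len)
{
    r->certs_len = certs_len;
    r->npages = (certs_len + PAGE_SIZE - 1) >> PAGE_SHIFT;
    r->alloc_order = model_get_order(certs_len);
}

/* Pre-fix cleanup: order recomputed from certs_len. Returns 1 on mismatch. */
static int cleanup_from_certs_len(const struct req_model *r)
{
    return model_get_order(r->certs_len) != r->alloc_order;
}

/* Post-fix cleanup: size derived from npages only. Returns 1 on mismatch. */
static int cleanup_from_npages(const struct req_model *r)
{
    return model_get_order(r->npages << PAGE_SHIFT) != r->alloc_order;
}

int main(void)
{
    struct req_model r;
    model_alloc(&r, PAGE_SIZE);   /* constructed: guest asks for 1 page */
    r.certs_len = 4 * PAGE_SIZE;  /* constructed: host reports 4 pages expected */
    printf("mismatch: certs_len=%d npages=%d\n",
           cleanup_from_certs_len(&r), cleanup_from_npages(&r));
    return 0;
}
```

The npages-based path gives the same result whatever value ends up in certs_len, which is why the fix keys the free size to @npages.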

Categories

No category defined

AFFECTED (from MITRE)


Vendor Product Versions
Linux Linux
  • 3e385c0d6ce88ac9916dcf84267bd5855d830748 < 3f6fb0211b39aaa1b841260681dd02ca6b693ed5 [affected]
  • 3e385c0d6ce88ac9916dcf84267bd5855d830748 < 9e48b4f813d2c3db75d522aa82ab705ce04b7e2d [affected]
  • 3e385c0d6ce88ac9916dcf84267bd5855d830748 < 23e6a1ca04ae44806439a5a446e62e4d42e80bb4 [affected]
  • 0b16521f95c875e79d657cb8d6911c15080dbb80 [affected]
  • 6.13.8 < 6.14 [affected]
Linux Linux
  • 6.14 [affected]
  • < 6.14 [unaffected]
  • 6.18.33 ≤ 6.18.* [unaffected]
  • 7.0.10 ≤ 7.0.* [unaffected]
  • 7.1 ≤ * [unaffected]
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

CPE

cpe start end
Configuration 1
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* >= 6.14 < 6.18.33
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* >= 6.14 < 7.0.10
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* >= 6.14 < 7.1
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* >= 6.13.8


EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
No entry