CVE-2026-23401 — Use After Free in Linux
Severity
6.5MEDIUM
No vectorEPSS
0.0%
top 90.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 1
Latest updateApr 20
Description
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE
When installing an emulated MMIO SPTE, do so *after* dropping/zapping the
existing SPTE (if it's shadow-present). While commit a54aa15c6bda3 was
right about it being impossible to convert a shadow-present SPTE to an
MMIO SPTE due to a _guest_ write, it failed to account for writes to guest
memory that are outside the scope of KVM.
E.g. if host usersp…
Affected Packages3 packages
▶CVEListV5linux/linuxa54aa15c6bda3ca7e2f9e040ba968a1da303e24f — ed5909992f344a7d3f4024261e9f751d9618a27d+6
🔴Vulnerability Details
3VulDB▶
Linux Kernel up to 7.0-rc5 KVM is_shadow_present_pte memory corruption (EUVD-2026-17828 / Nessus ID 304626)↗2026-04-20
GHSA▶
GHSA-2g4m-3wvw-crq2: In the Linux kernel, the following vulnerability has been resolved:
KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE
Whe↗2026-04-01
OSV▶
CVE-2026-23401: In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE When↗2026-04-01
📋Vendor Advisories
3Red Hat
▶
Debian▶
CVE-2026-23401: linux - In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mm...↗2026
🕵️Threat Intelligence
12💬Community
1Bugzilla▶
CVE-2026-23401 kernel: KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE↗2026-04-01