#VU124778 Improper resource shutdown or release in Linux kernel - CVE-2026-23401

Published: April 1, 2026


Vulnerability identifier: #VU124778
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23401
CWE-ID: CWE-404
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Linux kernel
Software vendor: Linux Foundation

Description

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper handling of SPTE updates in the KVM MMU when installing emulated MMIO SPTEs. After host userspace changes a guest memory mapping from a memslot to emulated MMIO, a local user can trigger a page fault on the affected guest physical address; KVM then attempts to mark the still-present SPTE as MMIO, which results in a kernel warning and can crash the guest. A local user can trigger this condition to cause a denial of service.

The issue arises when KVM fails to drop the existing shadow-present SPTE before installing an MMIO SPTE, resulting in inconsistent MMU state and triggering a kernel warning that can crash the guest.
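To make the ordering problem concrete, here is an added C model written for this page; it is not KVM code and it is not the upstream fix. The SPTE bit layout, the `vm_model` structure, the function names and the page-frame numbers are all invented for illustration. The check in `install_mmio_spte` stands in for the kernel warning the advisory mentions, and `handle_fault` runs either the buggy path (install the MMIO SPTE over the stale shadow-present entry) or the corrected ordering (drop the stale entry and flush before installing). The scenario is the one the description gives: a frame is mapped from a memslot, host userspace switches it to emulated MMIO, and the guest faults on it again.

```c
/* Hypothetical model of the SPTE ordering bug described in the advisory.
 * Not KVM code: structures, bit layouts and names are invented. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

typedef uint64_t spte_t;

/* Constructed bit layout; real KVM SPTE encodings are different. */
#define SPTE_PRESENT   (1ULL << 0)  /* shadow-present: maps a host page */
#define SPTE_MMIO      (1ULL << 1)  /* emulated-MMIO marker */
#define SPTE_PFN_SHIFT 12

#define NR_GFNS 4

/* What backs a guest frame from the host's point of view. */
enum backing { BACKING_NONE, BACKING_MEMSLOT, BACKING_MMIO };

struct vm_model {
    enum backing backing[NR_GFNS]; /* current memslot layout */
    spte_t spte[NR_GFNS];          /* one shadow entry per guest frame */
    unsigned warnings;             /* modelled WARN_ON hits */
    unsigned tlb_flushes;
};

static bool is_shadow_present(spte_t s) { return (s & SPTE_PRESENT) != 0; }
static bool is_mmio_spte(spte_t s)      { return (s & SPTE_MMIO) != 0; }

/* Sanity check modelled after the warning the advisory describes: an MMIO
 * SPTE must never be installed over an entry that still maps a page. */
static int install_mmio_spte(struct vm_model *vm, unsigned gfn)
{
    if (is_shadow_present(vm->spte[gfn])) {
        vm->warnings++;
        return -1;
    }
    vm->spte[gfn] = SPTE_MMIO;
    return 0;
}

static int install_present_spte(struct vm_model *vm, unsigned gfn, uint64_t pfn)
{
    vm->spte[gfn] = SPTE_PRESENT | (pfn << SPTE_PFN_SHIFT);
    return 0;
}

/* Host userspace replaces the memslot behind gfn with emulated MMIO.
 * The stale present SPTE is deliberately left in place to model the
 * window the advisory describes. */
static void host_switch_to_mmio(struct vm_model *vm, unsigned gfn)
{
    vm->backing[gfn] = BACKING_MMIO;
}

/* Page-fault handler.  With fixed == false the MMIO path installs the
 * MMIO SPTE directly (the bug).  With fixed == true it first drops the
 * existing shadow-present entry and flushes the TLB. */
static int handle_fault(struct vm_model *vm, unsigned gfn, bool fixed)
{
    switch (vm->backing[gfn]) {
    case BACKING_MEMSLOT:
        return install_present_spte(vm, gfn, 0x1000 + gfn); /* constructed pfn */
    case BACKING_MMIO:
        if (fixed && is_shadow_present(vm->spte[gfn])) {
            vm->spte[gfn] = 0;    /* zap the stale mapping */
            vm->tlb_flushes++;
        }
        return install_mmio_spte(vm, gfn);
    default:
        return -2;                /* unmapped: would be an exit to userspace */
    }
}

/* Sequence from the advisory: guest touches the frame while it is backed by
 * a memslot, host switches it to MMIO, guest touches it again. */
static struct vm_model run_scenario(bool fixed)
{
    struct vm_model vm = {0};
    const unsigned gfn = 1;

    vm.backing[gfn] = BACKING_MEMSLOT;
    handle_fault(&vm, gfn, fixed);   /* installs a shadow-present SPTE */
    host_switch_to_mmio(&vm, gfn);
    handle_fault(&vm, gfn, fixed);   /* second fault: emulated-MMIO path */
    return vm;
}

/* Result accessors used by main and by tests. */
static unsigned scenario_warnings(bool fixed) { return run_scenario(fixed).warnings; }
static bool scenario_ends_in_mmio(bool fixed) { return is_mmio_spte(run_scenario(fixed).spte[1]); }

int main(void)
{
    printf("buggy: warnings=%u, final SPTE is MMIO: %d\n",
           scenario_warnings(false), scenario_ends_in_mmio(false));
    printf("fixed: warnings=%u, final SPTE is MMIO: %d\n",
           scenario_warnings(true), scenario_ends_in_mmio(true));
    return 0;
}
```

In the buggy run the second fault hits the modelled warning and leaves the stale present entry in place, which is the inconsistent MMU state the advisory describes; in the fixed run the stale entry is dropped first, one TLB flush is recorded, and the MMIO SPTE is installed without a warning.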


Remediation

Install security update from vendor's repository.

External links