CVE-2026-53360 Overview
CVE-2026-53360 affects the Linux kernel's KVM Secure Encrypted Virtualization (SEV) implementation. The flaw resides in the handling of the Guest Hypervisor Communication Block (GHCB) scratch area when a SEV-SNP guest uses GHCB v2 or higher. The kernel fails to require the software scratch area to reside inside the GHCB shared buffer, allowing a malicious guest to influence host-side allocation size and iteration bounds. This produces out-of-bounds reads and writes into adjacent kmalloc-cg-32 slab objects. A malicious guest can leak host kernel heap layout and corrupt neighboring allocations.
Critical Impact
A malicious SEV-SNP guest can corrupt host kernel heap memory, leak host heap layout information, and trigger use-after-free conditions across VMGEXITs, breaking the isolation guarantees SEV-SNP is designed to provide.
Affected Products
- Linux kernel with KVM SEV-SNP support enabled
- Host systems running AMD SEV-SNP guests using GHCB v2 or later
- Stable kernel trees prior to the commits referenced in the patch set
Discovery Timeline
- 2026-07-04 - CVE-2026-53360 published to the National Vulnerability Database (NVD)
- 2026-07-04 - Last updated in NVD database
Technical Details for CVE-2026-53360
Vulnerability Analysis
The vulnerability sits in the SEV-SNP Page State Change (PSC) handling path inside the KVM subsystem. The function setup_vmgexit_scratch() allocates a buffer using kvzalloc(exit_info_2), where exit_info_2 is fully guest-controlled. When the guest supplies exit_info_2=24, the host allocates 24 bytes in the kmalloc-cg-32 cache. That buffer stores an 8-byte psc_hdr followed by 8-byte psc_entry structs, so only entries[0] and entries[1] are within bounds.
The follow-on function snp_begin_psc() validates end_entry against VMGEXIT_PSC_MAX_COUNT (253), but never checks it against the actual allocated buffer size. When the guest sets end_entry to a value such as 10 or higher, the host iterates entries[2] through entries[end_entry], all of which land in adjacent slab objects.
Each out-of-bounds entry produces an 8-byte read that acts as an information leak oracle. When the read data satisfies PSC validation, __snp_complete_one_psc() writes cur_page = 1 or 512 into the entry, corrupting neighboring objects. When validation fails, the error response reveals whether adjacent memory is zero or non-zero, disclosing further host state to the guest.
Root Cause
The root cause is missing bounds enforcement on a guest-controlled length. The GHCB v2+ specification requires the scratch area to live inside the GHCB shared buffer, whose size is bounded. The Linux implementation neither enforced that placement nor validated end_entry against the actual allocation size. This produces an [CWE-125] out-of-bounds read and [CWE-787] out-of-bounds write in the SEV-SNP PSC handler.
Attack Vector
A malicious SEV-SNP guest issues crafted VMGEXIT calls with a small exit_info_2 value to force the host allocator into a small slab cache. The guest then sets cur_entry and end_entry so PSC iteration extends past the allocated buffer into adjacent objects. Repeated VMGEXITs let the attacker sweep different slab positions, producing 62 out-of-bounds reads and writes, 7 slab-use-after-free reports, and 4 use-after-free reports in a single KASAN-enabled reproducer run. The reproducer demonstrates heap disclosure and heap corruption from an unprivileged guest.
Detection Methods for CVE-2026-53360
Indicators of Compromise
- KASAN reports referencing snp_begin_psc+0x126/0x890 (read) or snp_begin_psc+0x468/0x890 (write) with a kmalloc-cg-32 cache in the buggy address message.
- Unexpected kernel oops, general protection faults, or use-after-free panics on SEV-SNP hosts running untrusted guest workloads.
- Anomalous high-frequency VMGEXIT traffic from a single guest with small exit_info_2 values.
Detection Strategies
- Enable KASAN on test kernels and run guest workloads to surface out-of-bounds accesses in snp_begin_psc and setup_vmgexit_scratch.
- Audit kernel logs for slab-out-of-bounds messages tied to the SEV code path.
- Track kernel version and patch state across the host fleet against the upstream stable commits listed in the references.
Monitoring Recommendations
- Collect host kernel dmesg and syslog into a centralized log store and alert on KASAN, BUG:, and WARNING: entries from arch/x86/kvm/svm/sev.c.
- Monitor SEV-SNP guest exit rates and flag guests that issue abnormally high VMGEXIT volumes.
- Correlate host kernel panics with tenant identity in multi-tenant confidential-computing environments.
How to Mitigate CVE-2026-53360
Immediate Actions Required
- Apply the upstream kernel fixes referenced in the kernel stable commit b328ede5, commit bf9ba093, commit c9b4198f, and commit db3f2195.
- Inventory hosts running KVM with SEV-SNP enabled and prioritize patching of multi-tenant confidential-computing hypervisors.
- Restrict which tenants can launch SEV-SNP guests until patched kernels are deployed.
Patch Information
The fix requires the software scratch area to reside in the GHCB's shared buffer when a guest uses GHCB v2 or later, aligning the implementation with the GHCB specification. The patched code also validates end_entry against the real allocation, preventing iteration past entries[1] on a 24-byte allocation. Distribution kernels should pick up the four stable commits listed above.
Workarounds
- Disable SEV-SNP on hosts where confidential computing is not required until patched kernels are installed.
- Limit guest workloads on affected hosts to trusted tenants only.
- Enable KASAN in staging environments to surface exploitation attempts during validation of the patch rollout.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

