VDB

AZL-10540

AZL-10540 PUBLISHED CVSS 7.800000190734863 HIGH

A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition.

Risk Scores

CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Azure Linux:2kernel0, 0

Timeline

  • Aug 5, 2022 CVE Published
  • Apr 21, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›