[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-23401":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":18,"aliases":19,"duplicate_of":9,"upstream":20,"downstream":21,"duplicates":52,"related":53,"reserved_at":9,"published_at":54,"modified_at":55,"state":56,"summary":57,"references_raw":66,"kevs":97,"epss":98,"epss_history":101,"metrics":295,"affected":301},"CVE-2026-23401","In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE\n\nWhen installing an emulated MMIO SPTE, do so *after* dropping/zapping the\nexisting SPTE (if it's shadow-present).  While commit a54aa15c6bda3 was\nright about it being impossible to convert a shadow-present SPTE to an\nMMIO SPTE due to a _guest_ write, it failed to account for writes to guest\nmemory that are outside the scope of KVM.\n\nE.g. if host userspace modifies a shadowed gPTE to switch from a memslot\nto emulted MMIO and then the guest hits a relevant page fault, KVM will\ninstall the MMIO SPTE without first zapping the shadow-present SPTE.\n\n  ------------[ cut here ]------------\n  is_shadow_present_pte(*sptep)\n  WARNING: arch/x86/kvm/mmu/mmu.c:484 at mark_mmio_spte+0xb2/0xc0 [kvm], CPU#0: vmx_ept_stale_r/4292\n  Modules linked in: kvm_intel kvm irqbypass\n  CPU: 0 UID: 1000 PID: 4292 Comm: vmx_ept_stale_r Not tainted 7.0.0-rc2-eafebd2d2ab0-sink-vm #319 PREEMPT\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n  RIP: 0010:mark_mmio_spte+0xb2/0xc0 [kvm]\n  Call Trace:\n   \u003CTASK>\n   mmu_set_spte+0x237/0x440 [kvm]\n   ept_page_fault+0x535/0x7f0 [kvm]\n   kvm_mmu_do_page_fault+0xee/0x1f0 [kvm]\n   kvm_mmu_page_fault+0x8d/0x620 [kvm]\n   vmx_handle_exit+0x18c/0x5a0 [kvm_intel]\n   kvm_arch_vcpu_ioctl_run+0xc55/0x1c20 [kvm]\n   kvm_vcpu_ioctl+0x2d5/0x980 [kvm]\n   __x64_sys_ioctl+0x8a/0xd0\n   do_syscall_64+0xb5/0x730\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n  RIP: 0033:0x47fa3f\n   \u003C/TASK>\n  ---[ end trace 0000000000000000 ]---",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],[],[],[],[22,24,26,28,30,32,34,36,38,40,42,44,46,48,50],{"_key":23},"DEBIAN-CVE-2026-23401",{"_key":25},"RHSA-2026:14230",{"_key":27},"RHSA-2026:13577",{"_key":29},"RHSA-2026:13578",{"_key":31},"RHSA-2026:13936",{"_key":33},"RHSA-2026:14137",{"_key":35},"RHSA-2026:13932",{"_key":37},"RHSA-2026:14339",{"_key":39},"RHSA-2026:15883",{"_key":41},"UBUNTU-CVE-2026-23401",{"_key":43},"RHSA-2026:19521",{"_key":45},"RHSA-2026:19568",{"_key":47},"RHSA-2026:19569",{"_key":49},"RHSA-2026:19875",{"_key":51},"RHSA-2026:20593",[],[],"2026-04-01T08:36:32.367Z","2026-05-11T22:06:11.775Z","Analyzed",{"cisa_kev":58,"cisa_ransomware":58,"cisa_vendor":9,"epss_severity":59,"epss_score":60,"severity":61,"severity_score":62,"severity_version":63,"severity_source":64,"severity_vector":65,"severity_status":56},false,"low",0.00011,"medium",5.5,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",[67,73,77,81,85,89,93],{"url":68,"sources":69,"tags":71},"https://git.kernel.org/stable/c/aad885e774966e97b675dfe928da164214a71605",[70,64],"cve.org",[72],"Patch",{"url":74,"sources":75,"tags":76},"https://git.kernel.org/stable/c/fd28c5618699180cd69619801e9ae6a5266c0a22",[70,64],[72],{"url":78,"sources":79,"tags":80},"https://git.kernel.org/stable/c/459158151a158a6703b49f3c9de0e536d8bd553f",[70,64],[72],{"url":82,"sources":83,"tags":84},"https://git.kernel.org/stable/c/695320de6eadb75aaed8be1787c4ce4c189e4c7b",[70,64],[72],{"url":86,"sources":87,"tags":88},"https://git.kernel.org/stable/c/bce7fe59d43531623f3e43779127bfb33804925d",[70,64],[72],{"url":90,"sources":91,"tags":92},"https://git.kernel.org/stable/c/ed5909992f344a7d3f4024261e9f751d9618a27d",[70,64],[72],{"url":94,"sources":95,"tags":96},"https://git.kernel.org/stable/c/20656cd1f243d3a154aac5dd1b823110b6906fe1",[70,64],[72],[],{"date":99,"score":60,"percentile":100},"2026-06-04",0.0151,[102,106,109,112,115,118,120,124,127,130,133,136,140,143,146,149,152,155,158,161,164,168,171,174,177,181,184,187,190,193,195,198,201,205,208,211,214,217,220,223,226,229,231,234,237,240,243,246,249,252,254,257,261,264,266,268,271,274,277,280,283,285,288,291,294],{"date":103,"score":104,"percentile":105},"2026-04-01",0.00018,0.04717,{"date":107,"score":104,"percentile":108},"2026-04-02",0.04588,{"date":110,"score":104,"percentile":111},"2026-04-03",0.04601,{"date":113,"score":104,"percentile":114},"2026-04-04",0.04609,{"date":116,"score":104,"percentile":117},"2026-04-05",0.04603,{"date":119,"score":104,"percentile":111},"2026-04-06",{"date":121,"score":122,"percentile":123},"2026-04-07",0.00024,0.06315,{"date":125,"score":122,"percentile":126},"2026-04-08",0.06363,{"date":128,"score":122,"percentile":129},"2026-04-09",0.06405,{"date":131,"score":122,"percentile":132},"2026-04-10",0.06409,{"date":134,"score":122,"percentile":135},"2026-04-11",0.06398,{"date":137,"score":138,"percentile":139},"2026-04-12",0.00032,0.09236,{"date":141,"score":138,"percentile":142},"2026-04-13",0.09222,{"date":144,"score":138,"percentile":145},"2026-04-14",0.09095,{"date":147,"score":138,"percentile":148},"2026-04-15",0.0911,{"date":150,"score":138,"percentile":151},"2026-04-16",0.09117,{"date":153,"score":138,"percentile":154},"2026-04-17",0.09101,{"date":156,"score":138,"percentile":157},"2026-04-18",0.09098,{"date":159,"score":138,"percentile":160},"2026-04-19",0.09068,{"date":162,"score":138,"percentile":163},"2026-04-20",0.09055,{"date":165,"score":166,"percentile":167},"2026-04-21",0.00056,0.17455,{"date":169,"score":166,"percentile":170},"2026-04-22",0.17522,{"date":172,"score":166,"percentile":173},"2026-04-23",0.17538,{"date":175,"score":166,"percentile":176},"2026-04-24",0.17368,{"date":178,"score":179,"percentile":180},"2026-04-25",0.00017,0.04151,{"date":182,"score":179,"percentile":183},"2026-04-26",0.04148,{"date":185,"score":179,"percentile":186},"2026-04-27",0.04138,{"date":188,"score":179,"percentile":189},"2026-04-28",0.04166,{"date":191,"score":179,"percentile":192},"2026-04-29",0.04182,{"date":194,"score":179,"percentile":192},"2026-04-30",{"date":196,"score":179,"percentile":197},"2026-05-01",0.04181,{"date":199,"score":179,"percentile":200},"2026-05-02",0.04175,{"date":202,"score":203,"percentile":204},"2026-05-03",0.00019,0.0535,{"date":206,"score":203,"percentile":207},"2026-05-04",0.05341,{"date":209,"score":203,"percentile":210},"2026-05-05",0.05336,{"date":212,"score":203,"percentile":213},"2026-05-06",0.05344,{"date":215,"score":203,"percentile":216},"2026-05-07",0.05381,{"date":218,"score":203,"percentile":219},"2026-05-08",0.05379,{"date":221,"score":203,"percentile":222},"2026-05-09",0.05426,{"date":224,"score":203,"percentile":225},"2026-05-10",0.05444,{"date":227,"score":203,"percentile":228},"2026-05-11",0.05437,{"date":230,"score":203,"percentile":228},"2026-05-12",{"date":232,"score":203,"percentile":233},"2026-05-13",0.0545,{"date":235,"score":203,"percentile":236},"2026-05-14",0.0544,{"date":238,"score":203,"percentile":239},"2026-05-15",0.05445,{"date":241,"score":203,"percentile":242},"2026-05-16",0.05457,{"date":244,"score":203,"percentile":245},"2026-05-17",0.05451,{"date":247,"score":203,"percentile":248},"2026-05-18",0.05432,{"date":250,"score":203,"percentile":251},"2026-05-19",0.05427,{"date":253,"score":203,"percentile":222},"2026-05-20",{"date":255,"score":203,"percentile":256},"2026-05-21",0.05423,{"date":258,"score":259,"percentile":260},"2026-05-22",0.0001,0.01186,{"date":262,"score":259,"percentile":263},"2026-05-23",0.01185,{"date":265,"score":259,"percentile":263},"2026-05-24",{"date":267,"score":259,"percentile":260},"2026-05-25",{"date":269,"score":60,"percentile":270},"2026-05-26",0.01513,{"date":272,"score":60,"percentile":273},"2026-05-27",0.01526,{"date":275,"score":60,"percentile":276},"2026-05-28",0.01521,{"date":278,"score":60,"percentile":279},"2026-05-29",0.01532,{"date":281,"score":60,"percentile":282},"2026-05-30",0.01531,{"date":284,"score":60,"percentile":279},"2026-05-31",{"date":286,"score":60,"percentile":287},"2026-06-01",0.01517,{"date":289,"score":60,"percentile":290},"2026-06-02",0.01518,{"date":292,"score":60,"percentile":293},"2026-06-03",0.01511,{"date":99,"score":60,"percentile":100},[296],{"source":64,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":297,"cvss_v4_0":9},{"baseScore":62,"baseSeverity":298,"vectorString":65,"impactScore":299,"exploitabilityScore":300},"MEDIUM",6,4.6,[302,334],{"ecosystem":9,"name":303,"vendor":304,"product":304,"cpe_part":305,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":306},"Linux","linux","a",[307,314,317,320,323,326,329,332],{"version":308,"is_range":309,"range_type":70,"version_start":310,"version_start_type":311,"version_end":312,"version_end_type":313,"fixed_in":9},">= a54aa15c6bda3ca7e2f9e040ba968a1da303e24f, \u003C 20656cd1f243d3a154aac5dd1b823110b6906fe1",true,"a54aa15c6bda3ca7e2f9e040ba968a1da303e24f","including","20656cd1f243d3a154aac5dd1b823110b6906fe1","excluding",{"version":315,"is_range":309,"range_type":70,"version_start":310,"version_start_type":311,"version_end":316,"version_end_type":313,"fixed_in":9},">= a54aa15c6bda3ca7e2f9e040ba968a1da303e24f, \u003C ed5909992f344a7d3f4024261e9f751d9618a27d","ed5909992f344a7d3f4024261e9f751d9618a27d",{"version":318,"is_range":309,"range_type":70,"version_start":310,"version_start_type":311,"version_end":319,"version_end_type":313,"fixed_in":9},">= a54aa15c6bda3ca7e2f9e040ba968a1da303e24f, \u003C fd28c5618699180cd69619801e9ae6a5266c0a22","fd28c5618699180cd69619801e9ae6a5266c0a22",{"version":321,"is_range":309,"range_type":70,"version_start":310,"version_start_type":311,"version_end":322,"version_end_type":313,"fixed_in":9},">= a54aa15c6bda3ca7e2f9e040ba968a1da303e24f, \u003C 459158151a158a6703b49f3c9de0e536d8bd553f","459158151a158a6703b49f3c9de0e536d8bd553f",{"version":324,"is_range":309,"range_type":70,"version_start":310,"version_start_type":311,"version_end":325,"version_end_type":313,"fixed_in":9},">= a54aa15c6bda3ca7e2f9e040ba968a1da303e24f, \u003C 695320de6eadb75aaed8be1787c4ce4c189e4c7b","695320de6eadb75aaed8be1787c4ce4c189e4c7b",{"version":327,"is_range":309,"range_type":70,"version_start":310,"version_start_type":311,"version_end":328,"version_end_type":313,"fixed_in":9},">= a54aa15c6bda3ca7e2f9e040ba968a1da303e24f, \u003C bce7fe59d43531623f3e43779127bfb33804925d","bce7fe59d43531623f3e43779127bfb33804925d",{"version":330,"is_range":309,"range_type":70,"version_start":310,"version_start_type":311,"version_end":331,"version_end_type":313,"fixed_in":9},">= a54aa15c6bda3ca7e2f9e040ba968a1da303e24f, \u003C aad885e774966e97b675dfe928da164214a71605","aad885e774966e97b675dfe928da164214a71605",{"version":333,"is_range":58,"range_type":70,"version_start":333,"version_start_type":311,"version_end":333,"version_end_type":311,"fixed_in":9},"5.13",{"ecosystem":9,"name":335,"vendor":304,"product":336,"cpe_part":337,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":338},"linux kernel","linux_kernel","o",[339,344,348,352,356,360,364,365,367,369,371,373,375,377],{"version":340,"is_range":309,"range_type":341,"version_start":342,"version_start_type":311,"version_end":343,"version_end_type":313,"fixed_in":9},"gte5.13.1_lt5.15.203","cpe","5.13.1","5.15.203",{"version":345,"is_range":309,"range_type":341,"version_start":346,"version_start_type":311,"version_end":347,"version_end_type":313,"fixed_in":9},"gte5.16_lt6.1.168","5.16","6.1.168",{"version":349,"is_range":309,"range_type":341,"version_start":350,"version_start_type":311,"version_end":351,"version_end_type":313,"fixed_in":9},"gte6.2_lt6.6.131","6.2","6.6.131",{"version":353,"is_range":309,"range_type":341,"version_start":354,"version_start_type":311,"version_end":355,"version_end_type":313,"fixed_in":9},"gte6.7_lt6.12.80","6.7","6.12.80",{"version":357,"is_range":309,"range_type":341,"version_start":358,"version_start_type":311,"version_end":359,"version_end_type":313,"fixed_in":9},"gte6.13_lt6.18.21","6.13","6.18.21",{"version":361,"is_range":309,"range_type":341,"version_start":362,"version_start_type":311,"version_end":363,"version_end_type":313,"fixed_in":9},"gte6.19_lt6.19.11","6.19","6.19.11",{"version":333,"is_range":58,"range_type":341,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":366,"is_range":58,"range_type":341,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0:rc1",{"version":368,"is_range":58,"range_type":341,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0:rc2",{"version":370,"is_range":58,"range_type":341,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0:rc3",{"version":372,"is_range":58,"range_type":341,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0:rc4",{"version":374,"is_range":58,"range_type":341,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0:rc5",{"version":376,"is_range":58,"range_type":341,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0:rc6",{"version":378,"is_range":58,"range_type":341,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0:rc7"]