VYPR
Vypr IntelligenceAI-generatedJul 5, 2026· 4 CVEs

Linux Kernel: Four Vulnerabilities in af_unix, ipv6, and KVM Disclosed Together

Four Linux kernel vulnerabilities impacting af_unix, ipv6, and KVM subsystems were disclosed together on July 5, 2026.

Key findings

  • Four Linux kernel vulnerabilities disclosed on July 5, 2026, affecting af_unix, ipv6, and KVM subsystems.
  • CVE-2026-53361 addresses a race condition in af_unix garbage collection.
  • CVE-2026-53362 corrects fragment gap accounting in the ipv6 subsystem.
  • CVE-2026-53359 is a KVM shadow paging use-after-free vulnerability.
  • CVE-2026-53360 enforces GHCB scratch area requirements for KVM SEV.
  • All disclosed vulnerabilities have been resolved in updated kernel versions.

On July 5, 2026, a batch of four vulnerabilities affecting the Linux kernel was disclosed. These vulnerabilities, all resolved on the same day, touch upon different components of the kernel, including the af_unix, ipv6, and KVM subsystems. The disclosures highlight ongoing security efforts within the Linux kernel development community to address potential security weaknesses.

The vulnerabilities include:

af_unix Garbage Collection Race Condition

CVE-2026-53361 addresses a race condition in the af_unix garbage collection mechanism. The issue arises because unix_gc() could potentially run while gc_in_progress is false if a work item is scheduled while the function is already executing. This could lead to unintended behavior or security implications within the Unix domain socket implementation.

IPv6 Fragment Gap Accounting

CVE-2026-53362 focuses on the ipv6 subsystem, specifically addressing how fragment gaps are accounted for on the paged allocation path. In __ip6_append_data(), the calculation of alloclen and pagedlen did not correctly account for fragment headers and transport headers when the paged-allocation branch was taken, potentially leading to incorrect memory management or data handling.

KVM Shadow Paging Use-After-Free

CVE-2026-53359 is a use-after-free vulnerability within the KVM (Kernel-based Virtual Machine) subsystem's shadow paging implementation. A previous fix for a shadow paging mismatch between stored and computed Guest Physical Numbers (GFNs) inadvertently introduced this bug. The vulnerability could be triggered by specific sequences of operations related to shadow paging.

KVM SEV Scratch Area Requirement

CVE-2026-53360 pertains to KVM's Secure Encrypted Virtualization (SEV) feature. It mandates that an in-GHCB scratch area must be used if GHCB version 2 or later is in use. According to the GHCB specification, the software scratch area is required to be within the GHCB's shared buffer for certain operations, such as Page State Change (PSC) requests, to function correctly.

All disclosed vulnerabilities have been resolved in updated kernel versions. Users are advised to update their Linux kernel to the latest available version to mitigate these risks. The coordinated disclosure of these issues underscores the continuous effort to maintain the security and stability of the Linux kernel.

AI-written article. Grounded in 4 CVE records listed below.