CVE-2026-53200
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk3th percentile — higher than 3% of all known CVEs
Summary
A vulnerability was found in the Linux kernel's KVM for ARM64, affecting the handling of the XN[0] bit when FEAT_XNX is not supported. The bug incorrectly uses FIELD_PREP() on the mask that clears XN[0], unconditionally granting execute permissions.
Risk Assessment
The organization faces the risk of unauthorized code execution within virtual machines, potentially leading to privilege escalation and breach of guest-host isolation.
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit correcting the KVM/arm64 bug). Check your distribution for the patch and apply it in production environments.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: nv: Fix handling of XN[0] when !FEAT_XNX XN has already been extracted from its bitfield position so using FIELD_PREP() on the mask that clears XN[0] is completely broken, having the effect of unconditionally granting execute permissions... Fix the obvious mistake by manipulating the right bit.

