A high-severity memory corruption flaw in the Linux kernel KVM implementation for arm64 architectures could allow a local attacker to escalate privileges or cause a system crash.

This is a memory corruption vulnerability stemming from the improper reassignment of the nested_mmus array within the KVM subsystem. The issue allows a local process to access memory that has already been freed, leading to potential security bypasses.

The CVSS score of 8.8 reflects the high risk of this kernel-level vulnerability. A local attacker can exploit this to achieve privilege escalation, potentially gaining root access to the host machine. Furthermore, the vulnerability can be used to trigger a kernel panic, leading to system-wide denial-of-service, which is particularly critical for server environments.

Immediate Action: Apply the latest kernel security updates provided by your distribution vendor (e.g., Red Hat).

Proactive Monitoring: Monitor system logs for kernel oops or unexpected system instability following the execution of virtualization workloads.

Compensating Controls: Restrict access to the system to authorized users only, specifically limiting the ability to initiate KVM/virtualization processes.

Public Exploit Available: false

Kernel vulnerabilities of this nature should be treated with the highest priority. Administrators should test and deploy the provided kernel updates across all affected RHEL environments as soon as possible to mitigate the risk of local privilege escalation.