Skip to content

Kernel software installed and running inside a Host VM...

Unreviewed Published Jul 10, 2026 to the GitHub Advisory Database • Updated Jul 10, 2026

Package

No package listedSuggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel.

A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but before use.

References

Published by the National Vulnerability Database Jul 10, 2026
Published to the GitHub Advisory Database Jul 10, 2026
Last updated Jul 10, 2026

Severity

Unknown

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(2nd percentile)

Weaknesses

Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. Learn more on MITRE.

CVE ID

CVE-2026-45203

GHSA ID

GHSA-vf2q-w6vq-3hq8

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.

Learn more about GitHub language support

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.