Severe DoS RCE Vulnerabilities in kvmtool Affect Multiple Ubuntu Releases

Severity: High (Score: 74.0)

Sources: Linuxsecurity, Ubuntu

Summary

A critical security flaw has been identified in kvmtool, affecting Ubuntu 22.04 LTS and its derivatives, including 20.04, 18.04, and 16.04 LTS. The vulnerabilities, tracked as CVE-2021-45464 and CVE-2023-2861, allow a malicious guest attacker to exploit memory management issues and improperly handled file systems. These exploits could lead to denial of service or arbitrary code execution on the host system. The vulnerabilities were disclosed on April 13, 2026, and are considered severe due to their potential impact on system integrity and availability. Users are advised to update their systems to the latest package versions to mitigate these risks. Ubuntu Pro users have access to extended security maintenance for these updates. The issues are particularly concerning for environments utilizing kvmtool for virtualization. Immediate action is recommended to prevent exploitation. Key Points: • kvmtool vulnerabilities allow denial of service and arbitrary code execution. • Affected Ubuntu versions include 22.04, 20.04, 18.04, and 16.04 LTS. • Users should update to the latest package versions to mitigate risks.

Key Entities

• DDoS (attack_type)
• CVE-2021-45464 (cve)
• CVE-2023-2861 (cve)
• Linux (platform)
• Ubuntu (company)