Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Only warnings are issued when overwriting a shadow-present SPTE, specifically when it occurs in direct MMUs. The sanity check of KVM is adjusted to only apply to direct MMUs, i.e., only to MMUs that do not have...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-v2: Check whether the vCPU is not NULL in vgic_v2_parse_attr. vgic_v2_parse_attr is responsible for finding the vCPU that matches the user-provided CPUID. This CPUID may, of course, be invalid. If the ID is invalid,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATE_BV[i] in the guest XSAVE state whenever XFD[i]=1 When loading the guest XSAVE state via KVM_SET_XSAVE, and when updating XFD in response to a guest WRMSR, the disabled features in XSTATE_BV are cleared to ensure tha...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: Initialize gfn_to_pfn_cache locks in dedicated helper Move the gfn_to_pfn_cache lock initialization to another helper and call the new helper during VM/vCPU creation. There are race conditions possible due to kvm_gfn_to_pfn_cache_init’...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fixed the initialization of the ID register for non-protected pKVM guests In protected mode, the hypervisor maintains a separate instance of the kvm structure for each VM. For non-protected VMs, this structure is...
CVE-2026-46317
A flaw was found in the Linux kernel's KVM (Kernel-based Virtual Machine) for arm64 architectures. An issue in the reallocation of the nested_mmus array allows a process to access freed memory. This memory corruption vulnerability could enable a local attacker to escalate privileges or cause a denia...
KVM: x86: check for nEPT/nNPT in slow flush hypercalls
...
UBUNTU-CVE-2026-46147
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix pin leak and publication ordering in pkvminitvcpu Two bugs exist in the vCPU initialisation path: 1. If a check fails after hyppinsharedmem succeeds, the cleanup path jumps to 'unlock' without calling unpinhostvcp...
CVE-2026-46113
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN The shadow MMU computes GFNs for direct shadow pages using sp->gfn plus the SPTE index. This assumption breaks for shadow paging if the guest page tables are modifie...
CVE-2026-46113
CVE-2026-46113 (Linux kernel KVM x86 shadow paging use-after-free) is a resolved vulnerability in the KVM shadow paging path. The issue arises when the shadow MMU computes GFNs for direct shadow pages using sp->gfn plus the SPTE index and guest page-table modifications between VM entries can c...
KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2
...
PT-2026-44236
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A use-after-free issue exists in the KVM x86 shadow paging mechanism. The shadow MMU calculates Guest Frame Numbers (GFNs) for direct shadow pages by adding the SPTE index to sp->gfn. This...
UBUNTU-CVE-2026-45987
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 After VMRUN in guest mode, nested_sync_control_from_vmcb02 syncs fields written by the CPU from vmcb02 to the cached vmcb12. This is because the cached vmcb12 is use...
CVE-2026-46071
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12 svm_copy_lbrs always marks VMCB_LBR dirty in the destination VMCB. However, nested_svm_vmexit uses it to copy LBRs to vmcb12, and clearing clean bits in vmcb12 is not architecturally defined...
CVE-2026-46032
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Triple fault if restore host CR3 fails on nested VMEXIT If loading L1's CR3 fails on a nested VMEXIT, nested_svm_vmexit returns an error code that is ignored by most callers, and continues to run L1 with corrupted state....
CVE-2026-46014
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Add missing save/restore handling of LBR MSRs MSR_IA32_DEBUGCTLMSR and LBR MSRs are currently not enumerated by KVM_GET_MSR_INDEX_LIST, and LBR MSRs cannot be set with KVM_SET_MSRS. So save/restore is completely broken. Fix it ...
CVE-2026-45987
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 After VMRUN in guest mode, nested_sync_control_from_vmcb02 syncs fields written by the CPU from vmcb02 to the cached vmcb12. This is because the cached vmcb12 is use...
CVE-2026-45987 KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 After VMRUN in guest mode, nested_sync_control_from_vmcb02 syncs fields written by the CPU from vmcb02 to the cached vmcb12. This is because the cached vmcb12 is use...
CVE-2026-46032
KVM: nSVM: Triple fault if restore host CR3 fails on nested VMEXIT...
CVE-2026-46076
KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1...