CVE-2026-46076

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Raise UD if unhandled VMMCALL isn't intercepted by L1 Explicitly synthesize a UD for VMMCALL if L2 is active, L1 does NOT want to intercept VMMCALL, nestedsvml2tlbflushenabled is true, and the hypercall is something...

EUVD-2026-32458

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Raise UD if unhandled VMMCALL isn't intercepted by L1 Explicitly synthesize a UD for VMMCALL if L2 is active, L1 does NOT want to intercept VMMCALL, nestedsvml2tlbflushenabled is true, and the hypercall is something...

CVE-2026-46076

The CVE-2026-46076 entry concerns the Linux kernel KVM nSVM, where an unhandled VMMCALL can produce an Undefined Opcode (#UD) when L2 is active, L1 does not intercept, nested_svm_l2_tlb_flush_enabled() is true, and the hypercall is not among the supported Hyper-V hypercalls. The vulnerability ari...

CVE-2026-46071 KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Avoid clearing VMCBLBR in vmcb12 svmcopylbrs always marks VMCBLBR dirty in the destination VMCB. However, nestedsvmvmexit uses it to copy LBRs to vmcb12, and clearing clean bits in vmcb12 is not architecturally defined...

EUVD-2026-32453

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Avoid clearing VMCBLBR in vmcb12 svmcopylbrs always marks VMCBLBR dirty in the destination VMCB. However, nestedsvmvmexit uses it to copy LBRs to vmcb12, and clearing clean bits in vmcb12 is not architecturally defined...

EUVD-2026-32441

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN For guests with NRIPS disabled, L1 does not provide NextRIP when running an L2 with an injected soft interrupt, instead it advances the current RIP before...

CVE-2026-46059 KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN For guests with NRIPS disabled, L1 does not provide NextRIP when running an L2 with an injected soft interrupt, instead it advances the current RIP before...

CVE-2026-46059

CVE-2026-46059 (Linux kernel, KVM nSVM) : The issue concerns how NextRIP is chosen for vmcb02 after an L2 VMRUN when NRIPS is disabled. Affected code uses the current RIP as NextRIP to emulate a CPU without NRIPS, but after the first L2 run NextRIP can be updated by the CPU/KVM, making the curren...

CVE-2026-46032

CVE-2026-46032 concerns the Linux kernel KVM/nSVM path. When restoring host CR3 fails during a nested #VMEXIT, nested_svm_vmexit() returns an error code that can be ignored, allowing L1 to run with corrupted state. The documented mitigation is to inject a triple fault and avoid returning early fr...

EUVD-2026-32413

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Triple fault if restore host CR3 fails on nested VMEXIT If loading L1's CR3 fails on a nested VMEXIT, nestedsvmvmexit returns an error code that is ignored by most callers, and continues to run L1 with corrupted state....

CVE-2026-46014

The CVE-2026-46014 issue affects the Linux kernel's KVM SVM path, where LBR MSRs (including MSR_IA32_DEBUGCTLMSR) were not properly saved/restored or enumerated by KVM_GET_MSR_INDEX_LIST, making save/restore of LBR state broken. The root cause is missing entries in msrs_to_save_base and restricti...

CVE-2026-45987

CVE-2026-45987 affects the Linux kernel KVM/nSVM handling of nested VMs. After a VMRUN, nested_sync_control_from_vmcb02() syncs fields from vmcb02 to the cached vmcb12, which is supposed to be the authoritative copy for some controls. Specifically, int_state bit 0 (SVM_INTERRUPT_SHADOW_MASK) is w...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the svmcopylbrs function in KVM nSVM, where the VMCBLBR bit is cleared in vmcb12, potentially leading t...

Linux Distros Unpatched Vulnerability : CVE-2026-46032

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: nSVM: Triple fault if restore host CR3 fails on nested VMEXIT If loading L1's CR3 fails on a nested VMEXIT, nestedsvmvmexit returns an error code that is...

PT-2026-43938

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the KVM nSVM component where the svm copy lbrs function always marks VMCB LBR as dirty in the destination VMCB. Because nested svm vmexit uses this to copy Last Branch...

CVE-2026-46082

KVM: SVM: Inject UD for INVLPGA if EFER.SVME=0...

PT-2026-43926

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the KVM nSVM component, an issue exists where the current RIP Instruction Pointer is incorrectly used as the NextRIP in vmcb02 after the first L2 VMRUN. For guests with NRIPS disabled...

PT-2026-43854

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description In the KVM nSVM component, the nested sync control from vmcb02 function fails to synchronize the int state field, specifically bit 0 SVM INTERRUPT SHADOW MASK, from vmcb02 to the cached...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a processing error in NextRIP within KVM nSVM. This vulnerability may lead to the use of...

CVE-2026-46059

KVM: nSVM: Always use NextRIP as vmcb02s NextRIP after first L2 VMRUN...