392 matches found
PT-2026-44236
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the KVM x86 shadow paging mechanism. The shadow MMU calculates Guest Frame Numbers GFNs for direct shadow pages by adding the SPTE index to sp-gfn. This...
UBUNTU-CVE-2026-45987
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 After VMRUN in guest mode, nestedsynccontrolfromvmcb02 syncs fields written by the CPU from vmcb02 to the cached vmcb12. This is because the cached vmcb12 is use...
CVE-2026-46071
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Avoid clearing VMCBLBR in vmcb12 svmcopylbrs always marks VMCBLBR dirty in the destination VMCB. However, nestedsvmvmexit uses it to copy LBRs to vmcb12, and clearing clean bits in vmcb12 is not architecturally defined...
CVE-2026-46032
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Triple fault if restore host CR3 fails on nested VMEXIT If loading L1's CR3 fails on a nested VMEXIT, nestedsvmvmexit returns an error code that is ignored by most callers, and continues to run L1 with corrupted state....
CVE-2026-46014
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Add missing save/restore handling of LBR MSRs MSRIA32DEBUGCTLMSR and LBR MSRs are currently not enumerated by KVMGETMSRINDEXLIST, and LBR MSRs cannot be set with KVMSETMSRS. So save/restore is completely broken. Fix it ...
CVE-2026-45987 KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 After VMRUN in guest mode, nestedsynccontrolfromvmcb02 syncs fields written by the CPU from vmcb02 to the cached vmcb12. This is because the cached vmcb12 is use...
CVE-2026-45987
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 After VMRUN in guest mode, nestedsynccontrolfromvmcb02 syncs fields written by the CPU from vmcb02 to the cached vmcb12. This is because the cached vmcb12 is use...
CVE-2026-46032
KVM: nSVM: Triple fault if restore host CR3 fails on nested VMEXIT...
PT-2026-43899
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the KVM nSVM component, a failure to restore the host CR3 Control Register 3, which manages page tables during a nested VMEXIT can lead to the system continuing to run the L1 guest wi...
CVE-2026-46076
KVM: nSVM: Raise UD if unhandled VMMCALL isnt intercepted by L1...
PT-2026-43943
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the KVM nSVM component where a VMMCALL is not properly handled when L2 is active, L1 does not want to intercept the VMMCALL, nested svm l2 tlb flush enabled is true, a...
Linux Distros Unpatched Vulnerability : CVE-2026-46071
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: nSVM: Avoid clearing VMCBLBR in vmcb12 svmcopylbrs always marks VMCBLBR dirty in the destination VMCB. However, nestedsvmvmexit uses it to copy LBRs to...
Astra Linux – Vulnerability in Linux
A flaw was discovered in the KVM’s AMD code, responsible for supporting SVM nested virtualization. The flaw occurs during the processing of the VMCB virtual machine control block provided by the L1 guest, which is used to spawn or handle a nested guest L2. Due to improper validation of the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fixed the initialization of the ID register for non-protected pKVM guests In protected mode, the hypervisor maintains a separate instance of the kvm structure for each VM. For non-protected VMs, this structure is...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: KVM: Do not dereference ops-destroy with a null pointer. The cleanup of a KVM device occurs through either of two callbacks: 1 destroy, called when the VM is being destroyed; 2 release, called when a device file descriptor is...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Handling the case where EIOINTC’s coremap is empty EIOINTC’s coremap in eiointcupdateswcoremap can be empty. Currently, we get a cpuid value of -1 in this case, but we actually need a value of 0, as it is similar ...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
A flaw was discovered in KVM. When calling the KVMGETDEBUGREGS ioctl on 32-bit systems, there might be uninitialized portions of the kvm Debugregs structure that could be copied into user space, resulting in an information leak...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: KVM: x86: Fixed a stack-out-of-bounds memory access from ioapicwriteindirect. KASAN reports the following issue: BUG: In kvmmakevcpusrequestmask+0x174/0x440 kvm, there is a stack-out-of-bounds situation. A read of size 8 at...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Only warnings are issued when overwriting a shadow-present SPTE, specifically when the operation is performed on direct MMUs. This adjustment applies only to MMUs that do not have shadowed gPTEs. Although it’s...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: Initialize gfntopfncache locks in dedicated helper Move the gfntopfncache lock initialization to another helper and call the new helper during VM/vCPU creation. There are race conditions possible due to kvmgfntopfncacheinit’...