491 matches found
SUSE CVE-2026-45987
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 After VMRUN in guest mode, nestedsynccontrolfromvmcb02 syncs fields written by the CPU from vmcb02 to the cached vmcb12. This is because the cached vmcb12 is use...
SUSE CVE-2026-46032
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Triple fault if restore host CR3 fails on nested VMEXIT If loading L1's CR3 fails on a nested VMEXIT, nestedsvmvmexit returns an error code that is ignored by most callers, and continues to run L1 with corrupted state....
SUSE CVE-2026-46059
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN For guests with NRIPS disabled, L1 does not provide NextRIP when running an L2 with an injected soft interrupt, instead it advances the current RIP before...
CVE-2026-46071
A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM subsystem, specifically affecting its nested virtualization nSVM capabilities. The issue arises from incorrect handling of Virtual Machine Control Block Last Branch Record VMCBLBR data when copied to vmcb12, an operation that...
CVE-2026-46059
A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine nSVM module. This vulnerability occurs when running nested virtual machines L2 guests with NRIPS Next Instruction Pointer Suppression disabled. After an L2 guest's initial run, the NextRIP value in vmcb02 may not be correctly...
CVE-2026-46076
A flaw was found in the Kernel-based Virtual Machine KVM nSVM module of the Linux kernel. This vulnerability occurs when an unhandled VMMCALL is not properly intercepted by the Level 1 L1 hypervisor. A malicious Level 2 L2 guest operating system could exploit this by making specific hypercalls,...
CVE-2026-46071
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Avoid clearing VMCBLBR in vmcb12 svmcopylbrs always marks VMCBLBR dirty in the destination VMCB. However, nestedsvmvmexit uses it to copy LBRs to vmcb12, and clearing clean bits in vmcb12 is not architecturally defined...
CVE-2026-46059
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN For guests with NRIPS disabled, L1 does not provide NextRIP when running an L2 with an injected soft interrupt, instead it advances the current RIP before...
CVE-2026-46032
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Triple fault if restore host CR3 fails on nested VMEXIT If loading L1's CR3 fails on a nested VMEXIT, nestedsvmvmexit returns an error code that is ignored by most callers, and continues to run L1 with corrupted state....
CVE-2026-45987
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 After VMRUN in guest mode, nestedsynccontrolfromvmcb02 syncs fields written by the CPU from vmcb02 to the cached vmcb12. This is because the cached vmcb12 is use...
UBUNTU-CVE-2026-46032
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Triple fault if restore host CR3 fails on nested VMEXIT If loading L1's CR3 fails on a nested VMEXIT, nestedsvmvmexit returns an error code that is ignored by most callers, and continues to run L1 with corrupted state....
UBUNTU-CVE-2026-46071
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Avoid clearing VMCBLBR in vmcb12 svmcopylbrs always marks VMCBLBR dirty in the destination VMCB. However, nestedsvmvmexit uses it to copy LBRs to vmcb12, and clearing clean bits in vmcb12 is not architecturally defined...
CVE-2026-46076 KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Raise UD if unhandled VMMCALL isn't intercepted by L1 Explicitly synthesize a UD for VMMCALL if L2 is active, L1 does NOT want to intercept VMMCALL, nestedsvml2tlbflushenabled is true, and the hypercall is something...
CVE-2026-46076
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Raise UD if unhandled VMMCALL isn't intercepted by L1 Explicitly synthesize a UD for VMMCALL if L2 is active, L1 does NOT want to intercept VMMCALL, nestedsvml2tlbflushenabled is true, and the hypercall is something...
EUVD-2026-32458
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Raise UD if unhandled VMMCALL isn't intercepted by L1 Explicitly synthesize a UD for VMMCALL if L2 is active, L1 does NOT want to intercept VMMCALL, nestedsvml2tlbflushenabled is true, and the hypercall is something...
CVE-2026-46076
The CVE-2026-46076 entry concerns the Linux kernel KVM nSVM, where an unhandled VMMCALL can produce an Undefined Opcode (#UD) when L2 is active, L1 does not intercept, nested_svm_l2_tlb_flush_enabled() is true, and the hypercall is not among the supported Hyper-V hypercalls. The vulnerability ari...
CVE-2026-46071 KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Avoid clearing VMCBLBR in vmcb12 svmcopylbrs always marks VMCBLBR dirty in the destination VMCB. However, nestedsvmvmexit uses it to copy LBRs to vmcb12, and clearing clean bits in vmcb12 is not architecturally defined...
EUVD-2026-32453
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Avoid clearing VMCBLBR in vmcb12 svmcopylbrs always marks VMCBLBR dirty in the destination VMCB. However, nestedsvmvmexit uses it to copy LBRs to vmcb12, and clearing clean bits in vmcb12 is not architecturally defined...
CVE-2026-46071
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Avoid clearing VMCBLBR in vmcb12 svmcopylbrs always marks VMCBLBR dirty in the destination VMCB. However, nestedsvmvmexit uses it to copy LBRs to vmcb12, and clearing clean bits in vmcb12 is not architecturally defined...
CVE-2026-46071
The CVE concerns the Linux kernel KVM nSVM path where svm_copy_lbrs() always marks VMCB_LBR dirty in the destination VMCB, while nested_svm_vmexit() copies LBRs to vmcb12 and clearing clean bits in vmcb12 is not architecturally defined. The fix moves vmcb_mark_dirty() to the call sites and drops ...