EUVD-2026-32441

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN For guests with NRIPS disabled, L1 does not provide NextRIP when running an L2 with an injected soft interrupt, instead it advances the current RIP before...

CVE-2026-46032

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Triple fault if restore host CR3 fails on nested VMEXIT If loading L1's CR3 fails on a nested VMEXIT, nestedsvmvmexit returns an error code that is ignored by most callers, and continues to run L1 with corrupted state....

CVE-2026-46032 KVM: nSVM: Triple fault if restore host CR3 fails on nested #VMEXIT

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Triple fault if restore host CR3 fails on nested VMEXIT If loading L1's CR3 fails on a nested VMEXIT, nestedsvmvmexit returns an error code that is ignored by most callers, and continues to run L1 with corrupted state....

CVE-2026-45987 KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 After VMRUN in guest mode, nestedsynccontrolfromvmcb02 syncs fields written by the CPU from vmcb02 to the cached vmcb12. This is because the cached vmcb12 is use...

CVE-2026-45987

CVE-2026-45987 affects the Linux kernel KVM/nSVM handling of nested VMs. After a VMRUN, nested_sync_control_from_vmcb02() syncs fields from vmcb02 to the cached vmcb12, which is supposed to be the authoritative copy for some controls. Specifically, int_state bit 0 (SVM_INTERRUPT_SHADOW_MASK) is w...

Linux Distros Unpatched Vulnerability : CVE-2026-46071

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: nSVM: Avoid clearing VMCBLBR in vmcb12 svmcopylbrs always marks VMCBLBR dirty in the destination VMCB. However, nestedsvmvmexit uses it to copy LBRs to...

PT-2026-43938

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the KVM nSVM component where the svm copy lbrs function always marks VMCB LBR as dirty in the destination VMCB. Because nested svm vmexit uses this to copy Last Branch...

CVE-2026-46071

KVM: nSVM: Avoid clearing VMCBLBR in vmcb12...

PT-2026-43926

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the KVM nSVM component, an issue exists where the current RIP Instruction Pointer is incorrectly used as the NextRIP in vmcb02 after the first L2 VMRUN. For guests with NRIPS disabled...

PT-2026-43854

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description In the KVM nSVM component, the nested sync control from vmcb02 function fails to synchronize the int state field, specifically bit 0 SVM INTERRUPT SHADOW MASK, from vmcb02 to the cached...

CVE-2026-45987

KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2...

CVE-2026-46076

KVM: nSVM: Raise UD if unhandled VMMCALL isnt intercepted by L1...

Linux Distros Unpatched Vulnerability : CVE-2026-46076

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: nSVM: Raise UD if unhandled VMMCALL isn't intercepted by L1 Explicitly synthesize a UD for VMMCALL if L2 is active, L1 does NOT want to intercept VMMCALL,...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from KVM nSVM failing to synchronize the interrupt shadow with the cached vmcb12 after VMRUN,...

PT-2026-43943

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the KVM nSVM component where a VMMCALL is not properly handled when L2 is active, L1 does not want to intercept the VMMCALL, nested svm l2 tlb flush enabled is true, a...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the unintercepted VMMCALL in KVM nSVM. This vulnerability may lead to unauthorized supercalls at...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to return an error code when restoring the host CR3 during a nested VMEXIT, but this...

CVE-2026-46032

KVM: nSVM: Triple fault if restore host CR3 fails on nested VMEXIT...

Astra Linux - уязвимость в linux

A flaw was discovered in the KVM’s AMD code, which handles SVM nested virtualization. The flaw occurs during the processing of the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the “virtext” field, this issue could all...

Astra Linux - уязвимость в linux

A flaw was discovered in the KVM’s AMD code, responsible for supporting SVM nested virtualization. The flaw occurs during the processing of the VMCB virtual machine control block provided by the L1 guest, which is used to spawn or handle a nested guest L2. Due to improper validation of the “intct...