CVE-2026-46059 KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN For guests with NRIPS disabled, L1 does not provide NextRIP when running an L2 with an injected soft interrupt, instead it advances the current RIP before...

CVE-2026-46059

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN For guests with NRIPS disabled, L1 does not provide NextRIP when running an L2 with an injected soft interrupt, instead it advances the current RIP before...

CVE-2026-46059

CVE-2026-46059 (Linux kernel, KVM nSVM) : The issue concerns how NextRIP is chosen for vmcb02 after an L2 VMRUN when NRIPS is disabled. Affected code uses the current RIP as NextRIP to emulate a CPU without NRIPS, but after the first L2 run NextRIP can be updated by the CPU/KVM, making the curren...

CVE-2026-46032

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Triple fault if restore host CR3 fails on nested VMEXIT If loading L1's CR3 fails on a nested VMEXIT, nestedsvmvmexit returns an error code that is ignored by most callers, and continues to run L1 with corrupted state....

CVE-2026-46032

CVE-2026-46032 concerns the Linux kernel KVM/nSVM path. When restoring host CR3 fails during a nested #VMEXIT, nested_svm_vmexit() returns an error code that can be ignored, allowing L1 to run with corrupted state. The documented mitigation is to inject a triple fault and avoid returning early fr...

CVE-2026-46032 KVM: nSVM: Triple fault if restore host CR3 fails on nested #VMEXIT

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Triple fault if restore host CR3 fails on nested VMEXIT If loading L1's CR3 fails on a nested VMEXIT, nestedsvmvmexit returns an error code that is ignored by most callers, and continues to run L1 with corrupted state....

EUVD-2026-32413

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Triple fault if restore host CR3 fails on nested VMEXIT If loading L1's CR3 fails on a nested VMEXIT, nestedsvmvmexit returns an error code that is ignored by most callers, and continues to run L1 with corrupted state....

EUVD-2026-32395

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Add missing save/restore handling of LBR MSRs MSRIA32DEBUGCTLMSR and LBR MSRs are currently not enumerated by KVMGETMSRINDEXLIST, and LBR MSRs cannot be set with KVMSETMSRS. So save/restore is completely broken. Fix it ...

CVE-2026-46014

The CVE-2026-46014 issue affects the Linux kernel's KVM SVM path, where LBR MSRs (including MSR_IA32_DEBUGCTLMSR) were not properly saved/restored or enumerated by KVM_GET_MSR_INDEX_LIST, making save/restore of LBR state broken. The root cause is missing entries in msrs_to_save_base and restricti...

CVE-2026-45987 KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 After VMRUN in guest mode, nestedsynccontrolfromvmcb02 syncs fields written by the CPU from vmcb02 to the cached vmcb12. This is because the cached vmcb12 is use...

CVE-2026-45987

CVE-2026-45987 affects the Linux kernel KVM/nSVM handling of nested VMs. After a VMRUN, nested_sync_control_from_vmcb02() syncs fields from vmcb02 to the cached vmcb12, which is supposed to be the authoritative copy for some controls. Specifically, int_state bit 0 (SVM_INTERRUPT_SHADOW_MASK) is w...

CVE-2026-45987

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 After VMRUN in guest mode, nestedsynccontrolfromvmcb02 syncs fields written by the CPU from vmcb02 to the cached vmcb12. This is because the cached vmcb12 is use...

PT-2026-43938

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the KVM nSVM component where the svm copy lbrs function always marks VMCB LBR as dirty in the destination VMCB. Because nested svm vmexit uses this to copy Last Branch...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the svmcopylbrs function in KVM nSVM, where the VMCBLBR bit is cleared in vmcb12, potentially leading t...

Linux Distros Unpatched Vulnerability : CVE-2026-46032

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: nSVM: Triple fault if restore host CR3 fails on nested VMEXIT If loading L1's CR3 fails on a nested VMEXIT, nestedsvmvmexit returns an error code that is...

Linux Distros Unpatched Vulnerability : CVE-2026-46014

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: SVM: Add missing save/restore handling of LBR MSRs MSRIA32DEBUGCTLMSR and LBR MSRs are currently not enumerated by KVMGETMSRINDEXLIST, and LBR MSRs cannot ...

Linux Distros Unpatched Vulnerability : CVE-2026-46071

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: nSVM: Avoid clearing VMCBLBR in vmcb12 svmcopylbrs always marks VMCBLBR dirty in the destination VMCB. However, nestedsvmvmexit uses it to copy LBRs to...

CVE-2026-45894

iommu/vt-d: Clear Present bit before tearing down PASID entry...

PT-2026-43761

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clear Present bit before tearing down PASID entry The Intel VT-d Scalable Mode PASID table entry consists of 512 bits 64 bytes. When tearing down an entry, the current implementation zeros the entire 64-byte structure...

CVE-2026-46071

KVM: nSVM: Avoid clearing VMCBLBR in vmcb12...