CVE-2026-46071

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Avoid clearing VMCBLBR in vmcb12 svmcopylbrs always marks VMCBLBR dirty in the destination VMCB. However, nestedsvmvmexit uses it to copy LBRs to vmcb12, and clearing clean bits in vmcb12 is not architecturally defined...

CVE-2026-46071

The CVE concerns the Linux kernel KVM nSVM path where svm_copy_lbrs() always marks VMCB_LBR dirty in the destination VMCB, while nested_svm_vmexit() copies LBRs to vmcb12 and clearing clean bits in vmcb12 is not architecturally defined. The fix moves vmcb_mark_dirty() to the call sites and drops ...

EUVD-2026-32441

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN For guests with NRIPS disabled, L1 does not provide NextRIP when running an L2 with an injected soft interrupt, instead it advances the current RIP before...

CVE-2026-46059

CVE-2026-46059 (Linux kernel, KVM nSVM) : The issue concerns how NextRIP is chosen for vmcb02 after an L2 VMRUN when NRIPS is disabled. Affected code uses the current RIP as NextRIP to emulate a CPU without NRIPS, but after the first L2 run NextRIP can be updated by the CPU/KVM, making the curren...

CVE-2026-46032

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Triple fault if restore host CR3 fails on nested VMEXIT If loading L1's CR3 fails on a nested VMEXIT, nestedsvmvmexit returns an error code that is ignored by most callers, and continues to run L1 with corrupted state....

CVE-2026-46032

CVE-2026-46032 concerns the Linux kernel KVM/nSVM path. When restoring host CR3 fails during a nested #VMEXIT, nested_svm_vmexit() returns an error code that can be ignored, allowing L1 to run with corrupted state. The documented mitigation is to inject a triple fault and avoid returning early fr...

CVE-2026-46032 KVM: nSVM: Triple fault if restore host CR3 fails on nested #VMEXIT

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Triple fault if restore host CR3 fails on nested VMEXIT If loading L1's CR3 fails on a nested VMEXIT, nestedsvmvmexit returns an error code that is ignored by most callers, and continues to run L1 with corrupted state....

EUVD-2026-32413

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Triple fault if restore host CR3 fails on nested VMEXIT If loading L1's CR3 fails on a nested VMEXIT, nestedsvmvmexit returns an error code that is ignored by most callers, and continues to run L1 with corrupted state....

CVE-2026-45987 KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 After VMRUN in guest mode, nestedsynccontrolfromvmcb02 syncs fields written by the CPU from vmcb02 to the cached vmcb12. This is because the cached vmcb12 is use...

CVE-2026-45987

CVE-2026-45987 affects the Linux kernel KVM/nSVM handling of nested VMs. After a VMRUN, nested_sync_control_from_vmcb02() syncs fields from vmcb02 to the cached vmcb12, which is supposed to be the authoritative copy for some controls. Specifically, int_state bit 0 (SVM_INTERRUPT_SHADOW_MASK) is w...

CVE-2026-45987

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 After VMRUN in guest mode, nestedsynccontrolfromvmcb02 syncs fields written by the CPU from vmcb02 to the cached vmcb12. This is because the cached vmcb12 is use...

Linux Distros Unpatched Vulnerability : CVE-2026-46071

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: nSVM: Avoid clearing VMCBLBR in vmcb12 svmcopylbrs always marks VMCBLBR dirty in the destination VMCB. However, nestedsvmvmexit uses it to copy LBRs to...

Linux Distros Unpatched Vulnerability : CVE-2026-46032

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: nSVM: Triple fault if restore host CR3 fails on nested VMEXIT If loading L1's CR3 fails on a nested VMEXIT, nestedsvmvmexit returns an error code that is...

PT-2026-43938

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the KVM nSVM component where the svm copy lbrs function always marks VMCB LBR as dirty in the destination VMCB. Because nested svm vmexit uses this to copy Last Branch...

CVE-2026-46071

KVM: nSVM: Avoid clearing VMCBLBR in vmcb12...

PT-2026-43926

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the KVM nSVM component, an issue exists where the current RIP Instruction Pointer is incorrectly used as the NextRIP in vmcb02 after the first L2 VMRUN. For guests with NRIPS disabled...

PT-2026-43854

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description In the KVM nSVM component, the nested sync control from vmcb02 function fails to synchronize the int state field, specifically bit 0 SVM INTERRUPT SHADOW MASK, from vmcb02 to the cached...

CentOS 9 : kernel-5.14.0-708.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-708.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: net: sched: actcsum: validate nested VLAN headers tcfcsumact walks...

CVE-2026-45987

KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2...

Linux Distros Unpatched Vulnerability : CVE-2026-46076

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: nSVM: Raise UD if unhandled VMMCALL isn't intercepted by L1 Explicitly synthesize a UD for VMMCALL if L2 is active, L1 does NOT want to intercept VMMCALL,...