CVE-2026-46295

In the Linux kernel KVM for x86, CVE-2026-46295 stems from a race between vmx_sync_pir_to_irr() on the target vCPU and __vmx_deliver_posted_interrupt() on a sender vCPU. The sequence of operations (pi_test_and_set_pir, then pi_test_and_set_on) can interleave such that the second sync reports max_...

CVE-2023-53208

CVE-2023-53208 : Linux kernel KVM nested virtualization flaw where L1’s TSC multiplier is loaded based on L1 state instead of L2, causing a mismatch that userspace can trigger via MSR writes and guest CPUID changes. The fix ensures L1’s multiplier is loaded when exiting nested VM, preventing the ...

UBUNTU-CVE-2025-21839

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with guest value only before entering .vcpurun loop Move the conditional loading of hardware DR6 with the guest's DR6 value out of the core .vcpurun loop to fix a bug where KVM can load hardware with a stale...

kernel: SVM nested virtualization issue in KVM (AVIC support)

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "intctl" field, this issue could allow a malicious ...