CVE-2026-43265

Summary

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Ignore -EBUSY when checking nested events from vcpu_block()

Ignore -EBUSY when checking nested events after exiting a blocking state while L2 is active, as exiting to userspace will generate a spurious userspace exit, usually with KVM_EXIT_UNKNOWN, and likely lead to the VM's demise. Continuing with the wakeup isn't perfect either, as something has gone sideways if a vCPU is awakened in L2 with an injected event (or worse, a nested run pending), but continuing on gives the VM a decent chance of surviving without any major side effects.

As explained in the Fixes commits, it should be impossible for a vCPU to be put into a blocking state with an already-injected event (exception, IRQ, or NMI). Unfortunately, userspace can stuff MP_STATE and/or injected events, and thus put the vCPU into what should be an impossible state.

Don't bother trying to preserve the WARN, e.g. with an anti-syzkaller Kconfig, as WARNs can (hopefully) be added in paths where KVM would be violating x86 architecture, e.g. by WARNing if KVM attempts to inject an exception or interrupt while the vCPU isn't running.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux26844fee6adee9b1557d2279b0506285de9ee82b < 78265cd066d73a5cb41c088fcae4a2515e480d97affected
LinuxLinux26844fee6adee9b1557d2279b0506285de9ee82b < ec3be7dc9391085a2d96700e159d66d1328b7ff6affected
LinuxLinux26844fee6adee9b1557d2279b0506285de9ee82b < 2657439265d34a911886b916ba8be97ecc117d51affected
LinuxLinux26844fee6adee9b1557d2279b0506285de9ee82b < 1e88b5f854bdb469424132e0bb44793ad7a7c20aaffected
LinuxLinux26844fee6adee9b1557d2279b0506285de9ee82b < 1c957773063ed3264953597e32990a748381caf6affected
LinuxLinux26844fee6adee9b1557d2279b0506285de9ee82b < ead63640d4e72e6f6d464f4e31f7fecb79af8869affected
LinuxLinux6.1affected
LinuxLinux0 < 6.1unaffected
LinuxLinux6.1.167 <= 6.1.*unaffected
LinuxLinux6.6.130 <= 6.6.*unaffected
LinuxLinux6.12.77 <= 6.12.*unaffected
LinuxLinux6.18.17 <= 6.18.*unaffected
LinuxLinux6.19.6 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References