CVE-2026-46071
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12
svm_copy_lbrs() always marks VMCB_LBR dirty in the destination VMCB. However, nested_svm_vmexit() uses it to copy LBRs to vmcb12, and clearing clean bits in vmcb12 is not architecturally defined.
Move vmcb_mark_dirty() to callers and drop it for vmcb12.
This also facilitates incoming refactoring that does not pass the entire VMCB to svm_copy_lbrs().
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | d20c796ca3709801f8a7fa36e8770a3dd8ebd34e < a3f0981a5a0e0bd51ad74cc7d9eed32294b24002 | affected |
| Linux | Linux | d20c796ca3709801f8a7fa36e8770a3dd8ebd34e < 9efe23568806d1cd06f7d146f9b3037b8d585a9f | affected |
| Linux | Linux | d20c796ca3709801f8a7fa36e8770a3dd8ebd34e < b53ab5167a81537777ac780bbd93d32613aa3bda | affected |
| Linux | Linux | 5.19 | affected |
| Linux | Linux | 0 < 5.19 | unaffected |
| Linux | Linux | 6.18.27 <= 6.18.* | unaffected |
| Linux | Linux | 7.0.4 <= 7.0.* | unaffected |
| Linux | Linux | 7.1 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/a3f0981a5a0e0bd51ad74cc7d9eed32294b24002
- https://git.kernel.org/stable/c/9efe23568806d1cd06f7d146f9b3037b8d585a9f
- https://git.kernel.org/stable/c/b53ab5167a81537777ac780bbd93d32613aa3bda
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.