CVE-2026-46071

Summary

In the Linux kernel, the following vulnerability has been resolved:

KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12

svm_copy_lbrs() always marks VMCB_LBR dirty in the destination VMCB. However, nested_svm_vmexit() uses it to copy LBRs to vmcb12, and clearing clean bits in vmcb12 is not architecturally defined.

Move vmcb_mark_dirty() to callers and drop it for vmcb12.

This also facilitates incoming refactoring that does not pass the entire VMCB to svm_copy_lbrs().

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxd20c796ca3709801f8a7fa36e8770a3dd8ebd34e < a3f0981a5a0e0bd51ad74cc7d9eed32294b24002affected
LinuxLinuxd20c796ca3709801f8a7fa36e8770a3dd8ebd34e < 9efe23568806d1cd06f7d146f9b3037b8d585a9faffected
LinuxLinuxd20c796ca3709801f8a7fa36e8770a3dd8ebd34e < b53ab5167a81537777ac780bbd93d32613aa3bdaaffected
LinuxLinux5.19affected
LinuxLinux0 < 5.19unaffected
LinuxLinux6.18.27 <= 6.18.*unaffected
LinuxLinux7.0.4 <= 7.0.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

References