CVE-2026-43096
Awaiting Analysis - Queue
mshv: Fix Infinite Fault Loop on Permission-Denied GPA Intercepts

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

mshv: Fix infinite fault loop on permission-denied GPA intercepts

Prevent infinite fault loops when guests access memory regions without proper permissions. Currently, mshv_handle_gpa_intercept() attempts to remap pages for all faults on movable memory regions, regardless of whether the access type is permitted. When a guest writes to a read-only region, the remap succeeds but the region remains read-only, causing immediate re-fault and spinning the vCPU indefinitely.

Validate intercept access type against region permissions before attempting remaps. Reject writes to non-writable regions and executes to non-executable regions early, returning false to let the VMM handle the intercept appropriately.

This also closes a potential DoS vector where malicious guests could intentionally trigger these fault loops to consume host resources.

Meta Information
Published: 2026-05-06
Last Modified: 2026-05-06
Generated: 2026-05-07
AI Q&A: 2026-05-06
EPSS Evaluated: N/A

Affected Vendors & Products
Showing 1 associated CPE
Vendor: linux
Product: linux_kernel
Version / Range: *

CWE ID: CWE-UNKNOWN

AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's mshv component, where an infinite fault loop occurs when guests access memory regions without proper permissions.

Specifically, the function mshv_handle_gpa_intercept() tries to remap pages for all faults on movable memory regions regardless of whether the access type is allowed. For example, if a guest writes to a read-only memory region, the remap succeeds but the region remains read-only, causing an immediate re-fault and spinning the virtual CPU indefinitely.

The fix involves validating the access type against region permissions before attempting remaps, rejecting unauthorized writes or executes early, and allowing the virtual machine monitor (VMM) to handle the intercept properly.
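
The behaviour before and after the fix can be modelled in user space. The following is an added example, not the kernel's mshv code: every type, flag and function name in it is hypothetical, and a finite intercept budget stands in for a vCPU that would otherwise spin indefinitely.

```c
#include <stdbool.h>
#include <stdio.h>
/* Hypothetical model of the logic in the description; not kernel code. */
enum access { ACC_READ, ACC_WRITE, ACC_EXEC };
enum { REGION_WRITABLE = 1, REGION_EXECUTABLE = 2 };
struct region { unsigned flags; bool movable; bool mapped; };
typedef bool (*handler_fn)(struct region *, enum access);

/* True when the region's permissions allow this access type. */
static bool permitted(const struct region *r, enum access a)
{
    unsigned need = a == ACC_WRITE ? REGION_WRITABLE : a == ACC_EXEC ? REGION_EXECUTABLE : 0;
    return (r->flags & need) == need;
}

/* Before: remap on every fault; permissions unchanged, so a denied access re-faults. */
static bool handle_before(struct region *r, enum access a)
{
    (void)a;
    if (!r->movable) return false;
    r->mapped = true;
    return true;               /* guest resumes and retries the access */
}

/* After: reject accesses the region does not permit; false defers to the VMM. */
static bool handle_after(struct region *r, enum access a)
{
    if (!r->movable || !permitted(r, a)) return false;
    r->mapped = true;
    return true;
}

/* Intercepts taken until the access completes, the handler defers, or the budget ends. */
static int run_vcpu(handler_fn h, unsigned flags, enum access a, int budget)
{
    struct region r = { flags, true, false };
    int n = 0;
    while (n < budget && (!r.mapped || !permitted(&r, a))) {
        n++;
        if (!h(&r, a)) break;
    }
    return n;
}

int main(void)
{
    printf("before: %d intercepts, after: %d\n",
           run_vcpu(handle_before, 0, ACC_WRITE, 1000), run_vcpu(handle_after, 0, ACC_WRITE, 1000));
    return 0;
}
```

In this model a write to a read-only region exhausts the whole budget with the old handler and takes a single intercept with the checked one, while permitted accesses behave the same in both.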


How can this vulnerability impact me?

This vulnerability can lead to a denial-of-service (DoS) condition where a malicious guest intentionally triggers infinite fault loops to consume host resources.

The spinning virtual CPU caused by repeated faults can degrade system performance or cause instability in the host running the affected Linux kernel.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is resolved by validating intercept access types against region permissions before attempting remaps in the Linux kernel's mshv module.

To mitigate this vulnerability, you should update your Linux kernel to a version that includes the fix for the mshv infinite fault loop issue.

This update prevents infinite fault loops caused by guests accessing memory regions without proper permissions, thereby avoiding potential denial-of-service attacks.

