CVE-2026-43096
Analyzed Analyzed - Analysis Complete
mshv: Fix Infinite Fault Loop on Permission-Denied GPA Intercepts

Publication date: 2026-05-06

Last updated on: 2026-05-19

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: mshv: Fix infinite fault loop on permission-denied GPA intercepts Prevent infinite fault loops when guests access memory regions without proper permissions. Currently, mshv_handle_gpa_intercept() attempts to remap pages for all faults on movable memory regions, regardless of whether the access type is permitted. When a guest writes to a read-only region, the remap succeeds but the region remains read-only, causing immediate re-fault and spinning the vCPU indefinitely. Validate intercept access type against region permissions before attempting remaps. Reject writes to non-writable regions and executes to non-executable regions early, returning false to let the VMM handle the intercept appropriately. This also closes a potential DoS vector where malicious guests could intentionally trigger these fault loops to consume host resources.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-19
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-43096
EUVD
EUVD-2026-27602
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.19 (inc) to 6.19.14 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-835 The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's mshv component, where an infinite fault loop occurs when guests access memory regions without proper permissions.

Specifically, the function mshv_handle_gpa_intercept() tries to remap pages for all faults on movable memory regions regardless of whether the access type is allowed. For example, if a guest writes to a read-only memory region, the remap succeeds but the region remains read-only, causing an immediate re-fault and spinning the virtual CPU indefinitely.

The fix involves validating the access type against region permissions before attempting remaps, rejecting unauthorized writes or executes early, and allowing the virtual machine monitor (VMM) to handle the intercept properly.

Impact Analysis

This vulnerability can lead to a denial-of-service (DoS) condition where a malicious guest intentionally triggers infinite fault loops to consume host resources.

The spinning virtual CPU caused by repeated faults can degrade system performance or cause instability in the host running the affected Linux kernel.

Mitigation Strategies

The vulnerability is resolved by validating intercept access types against region permissions before attempting remaps in the Linux kernel's mshv module.

To mitigate this vulnerability, you should update your Linux kernel to a version that includes the fix for the mshv infinite fault loop issue.

This update prevents infinite fault loops caused by guests accessing memory regions without proper permissions, thereby avoiding potential denial-of-service attacks.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43096. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart