CVE-2026-43133
KVM: nSVM VMLOAD/VMSAVE Emulation Uses vmcb01
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's KVM (Kernel-based Virtual Machine) implementation related to nested virtualization using nSVM. Specifically, the issue involves the VMLOAD and VMSAVE instructions used to save and load the guest state in virtual machines.
A commit intended to fix the handling of these instructions made KVM always use a specific control block (vmcb01) for certain fields, but it failed to update the VMLOAD/VMSAVE emulation code accordingly. As a result, when an L2 guest executes VMSAVE/VMLOAD and the L1 hypervisor does not intercept it, KVM incorrectly uses vmcb02 instead of vmcb01.
This mismatch can cause incorrect handling of the guest state during nested virtualization operations.
How can this vulnerability impact me?
This vulnerability can lead to incorrect handling of the guest virtual machine state during nested virtualization scenarios. Specifically, if an L2 guest executes VMLOAD/VMSAVE instructions that are not intercepted by the L1 hypervisor, KVM may use the wrong control block (vmcb02 instead of vmcb01).
This could potentially cause instability, incorrect behavior, or security issues in nested virtual machines, affecting the reliability and security of virtualized environments that rely on nested virtualization.