CVE-2026-43265
Received Received - Intake
Race Condition in Linux Kernel KVM x86 Module

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ignore -EBUSY when checking nested events from vcpu_block() Ignore -EBUSY when checking nested events after exiting a blocking state while L2 is active, as exiting to userspace will generate a spurious userspace exit, usually with KVM_EXIT_UNKNOWN, and likely lead to the VM's demise. Continuing with the wakeup isn't perfect either, as *something* has gone sideways if a vCPU is awakened in L2 with an injected event (or worse, a nested run pending), but continuing on gives the VM a decent chance of surviving without any major side effects. As explained in the Fixes commits, it _should_ be impossible for a vCPU to be put into a blocking state with an already-injected event (exception, IRQ, or NMI). Unfortunately, userspace can stuff MP_STATE and/or injected events, and thus put the vCPU into what should be an impossible state. Don't bother trying to preserve the WARN, e.g. with an anti-syzkaller Kconfig, as WARNs can (hopefully) be added in paths where _KVM_ would be violating x86 architecture, e.g. by WARNing if KVM attempts to inject an exception or interrupt while the vCPU isn't running.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-06
Generated
2026-05-07
AI Q&A
2026-05-06
EPSS Evaluated
N/A
NVD
CVE-2026-43265
EUVD
EUVD-2026-27662
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem for x86 architectures. It involves the handling of nested events when a virtual CPU (vCPU) is in a blocking state while a second-level (L2) virtual machine is active.

Specifically, the kernel incorrectly treats the -EBUSY error code when checking nested events from the vcpu_block() function. Exiting a blocking state while L2 is active can generate a spurious userspace exit, often with KVM_EXIT_UNKNOWN, which can cause the virtual machine to crash or behave unexpectedly.

The fix involves ignoring the -EBUSY error in this context to allow the VM to continue running, giving it a better chance of surviving without major side effects, even though the state is unusual and should ideally never occur.


How can this vulnerability impact me? :

This vulnerability can cause virtual machines running under KVM on affected Linux kernels to unexpectedly exit or crash due to improper handling of nested events during blocking states.

Such crashes or unexpected exits can lead to downtime, loss of service availability, or instability in virtualized environments, potentially impacting workloads running inside those VMs.

While the fix improves VM stability by ignoring the -EBUSY error in this scenario, the underlying issue indicates that userspace can put the vCPU into an impossible state, which might be indicative of deeper bugs or misuse.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability has been resolved in the Linux kernel by ignoring the -EBUSY error when checking nested events from vcpu_block(). To mitigate this vulnerability, you should update your Linux kernel to the version that includes this fix.

No specific immediate commands or configuration changes are provided in the available information. The best mitigation is to apply the kernel update that contains the fix.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart