CVE-2026-46014
Analyzed - Analysis Complete
LBR MSR Save/Restore Flaw in Linux Kernel

Publication date: 2026-05-27

Last updated on: 2026-06-16

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Add missing save/restore handling of LBR MSRs

MSR_IA32_DEBUGCTLMSR and LBR MSRs are currently not enumerated by KVM_GET_MSR_INDEX_LIST, and LBR MSRs cannot be set with KVM_SET_MSRS. So save/restore is completely broken.

Fix it by adding the MSRs to msrs_to_save_base, and allowing writes to LBR MSRs from userspace only (as they are read-only MSRs) if LBR virtualization is enabled. Additionally, to correctly restore L1's LBRs while L2 is running, make sure the LBRs are copied from the captured VMCB01 save area in svm_copy_vmrun_state().

Note, for VMX, this also fixes a flaw where MSR_IA32_DEBUGCTLMSR isn't reported as an MSR to save/restore.

Note #2, over-reporting MSR_IA32_LASTxxx on Intel is ok, as KVM already handles unsupported reads and writes thanks to commit b5e2fec0ebc3 ("KVM: Ignore DEBUGCTL MSRs with no effect") (kvm_do_msr_access() will morph the unsupported userspace write into a nop).

[sean: guard with lbrv checks, massage changelog]

Meta Information
Published: 2026-05-27
Last Modified: 2026-06-16
Generated: 2026-06-16
AI Q&A: 2026-05-27
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor Product Version / Range
linux linux_kernel From 6.19 (inc) to 7.0.4 (exc)
linux linux_kernel From 2.6.26 (inc) to 6.18.27 (exc)
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Executive Summary

This vulnerability in the Linux kernel relates to the KVM (Kernel-based Virtual Machine) subsystem, specifically the SVM (Secure Virtual Machine) feature. The issue is that certain Model-Specific Registers (MSRs), namely MSR_IA32_DEBUGCTLMSR and LBR (Last Branch Record) MSRs, were not properly handled during save and restore operations in virtualized environments.

Because these MSRs were not enumerated by KVM_GET_MSR_INDEX_LIST and could not be set with KVM_SET_MSRS, the save and restore functionality for these registers was completely broken. This could lead to incorrect virtualization behavior.

The fix involved adding these MSRs to the list of MSRs to save and restore, allowing writes to LBR MSRs from userspace only when LBR virtualization is enabled, and ensuring correct restoration of LBRs when nested virtualization is in use.

Impact Analysis

This vulnerability can impact systems running virtual machines using KVM with SVM by causing incorrect handling of debugging and branch recording registers during VM state save and restore operations.

Such incorrect handling may lead to inaccurate debugging information, potential instability, or unexpected behavior in virtualized environments, especially when nested virtualization is involved.

However, the vulnerability does not directly indicate a security breach or data exposure; it is a flaw in virtualization state management.

Mitigation Strategies

The vulnerability is resolved by adding missing save/restore handling of LBR MSRs in the Linux kernel's KVM subsystem. To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.

Specifically, ensure that your kernel includes the patch that adds LBR MSRs to msrs_to_save_base and allows writes to LBR MSRs from userspace only if LBR virtualization is enabled.

No other immediate mitigation steps or workarounds are described.
