CVE-2026-46071
Awaiting Analysis
KVM: nSVM VMCB_LBR Handling Issue in Linux Kernel

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12

svm_copy_lbrs() always marks VMCB_LBR dirty in the destination VMCB. However, nested_svm_vmexit() uses it to copy LBRs to vmcb12, and clearing clean bits in vmcb12 is not architecturally defined. Move vmcb_mark_dirty() to callers and drop it for vmcb12. This also facilitates incoming refactoring that does not pass the entire VMCB to svm_copy_lbrs().

Meta Information
Published: 2026-05-27
Last Modified: 2026-05-27
Generated: 2026-06-16
AI Q&A: 2026-05-27
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE
Vendor: linux
Product: linux_kernel
Version / Range: *
CWE ID: CWE-UNKNOWN
Impact Analysis

This vulnerability relates to the Linux kernel's KVM nested virtualization feature, specifically the handling of the VMCB_LBR clean bit in vmcb12. Improper clearing of VMCB_LBR could potentially lead to incorrect behavior in nested virtual machines, which might affect system stability or security in environments using nested virtualization.

Executive Summary

This vulnerability involves the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem, specifically nested virtualization on AMD SVM (nSVM). The function svm_copy_lbrs() always marks VMCB_LBR (Virtual Machine Control Block Last Branch Record) as dirty in the destination VMCB, and marking a VMCB field dirty means clearing its clean bit. nested_svm_vmexit() uses svm_copy_lbrs() to copy LBRs to vmcb12, so the clean bit was also cleared there, and clearing clean bits in vmcb12 is not architecturally defined, which could lead to improper handling of these bits. The fix moves the vmcb_mark_dirty() call to the appropriate callers and drops it for vmcb12, preventing undefined behavior and facilitating future refactoring.

Compliance Impact

There is no information available regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
