CVE-2026-46131
KVM x86 Nested EPT/NPT Validation Flaw
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability relates to the Linux kernel's KVM module for x86 architectures, specifically in the handling of nested virtualization with EPT/NPT (Extended Page Tables/Nested Page Tables). An incorrect check for nested page table usage could potentially lead to improper memory translation in nested guests, which might cause unexpected behavior or security issues in virtualized environments.
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's KVM (Kernel-based Virtual Machine) component for x86 architectures. It involves an incorrect check for nested Extended Page Tables (nEPT) or nested Nested Page Tables (nNPT) during slow flush hypercalls. Specifically, the code incorrectly uses the is_guest_mode(vcpu) check, which is not valid unless an L2 guest is running with nested EPT/NPT enabled. The correct approach is to use the same condition as the translate_nested_gpa() function itself.