CVE-2026-46071
published 2026-05-27CVE-2026-46071: In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12 svm_copy_lbrs() always marks VMCB_LBR dirty in…
medium5.5
In the Linux kernel, the following vulnerability has been resolved:
KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12
svm_copy_lbrs() always marks VMCB_LBR dirty in the destination VMCB.
However, nested_svm_vmexit() uses it to copy LBRs to vmcb12, and
clearing clean bits in vmcb12 is not architecturally defined.
Move vmcb_mark_dirty() to callers and drop it for vmcb12.
This also facilitates incoming refactoring that does not pass the entire
VMCB to svm_copy_lbrs().
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux | — | — |
| linux | linux | >= d20c796ca3709801f8a7fa36e8770a3dd8ebd34e < a3f0981a5a0e0bd51ad74cc7d9eed32294b24002 | a3f0981a5a0e0bd51ad74cc7d9eed32294b24002 |
| linux | linux | >= d20c796ca3709801f8a7fa36e8770a3dd8ebd34e < 9efe23568806d1cd06f7d146f9b3037b8d585a9f | 9efe23568806d1cd06f7d146f9b3037b8d585a9f |
| linux | linux | >= d20c796ca3709801f8a7fa36e8770a3dd8ebd34e < b53ab5167a81537777ac780bbd93d32613aa3bda | b53ab5167a81537777ac780bbd93d32613aa3bda |
| linux | linux_kernel | — | — |