CVE-2026-43483

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/05/2026
Last modified:
13/05/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated

Explicitly set/clear CR8 write interception when AVIC is (de)activated to fix a bug where KVM leaves the interception enabled after AVIC is activated. E.g. if KVM emulates INIT=>WFS while AVIC is deactivated, CR8 will remain intercepted in perpetuity.

On its own, the dangling CR8 intercept is "just" a performance issue, but combined with the TPR sync bug fixed by commit d02e48830e3f ("KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active"), the dangling intercept is fatal to Windows guests as the TPR seen by hardware gets wildly out of sync with reality.

Note, VMX isn't affected by the bug as TPR_THRESHOLD is explicitly ignored when Virtual Interrupt Delivery is enabled, i.e. when APICv is active in KVM's world. I.e. there's no need to trigger update_cr8_intercept(), this is firmly an SVM implementation flaw/detail.

WARN if KVM gets a CR8 write #VMEXIT while AVIC is active, as KVM should never enter the guest with AVIC enabled and CR8 writes intercepted.

[Squash fix to avic_deactivate_vmcb. - Paolo]

Impact