CVE-2026-45987

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/05/2026
Last modified:
16/06/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2<br /> <br /> After VMRUN in guest mode, nested_sync_control_from_vmcb02() syncs<br /> fields written by the CPU from vmcb02 to the cached vmcb12. This is<br /> because the cached vmcb12 is used as the authoritative copy of some of<br /> the controls, and is the payload when saving/restoring nested state.<br /> <br /> int_state is also written by the CPU, specifically bit 0 (i.e.<br /> SVM_INTERRUPT_SHADOW_MASK) for nested VMs, but it is not sync&amp;#39;d to<br /> cached vmcb12. This does not cause a problem if KVM_SET_NESTED_STATE<br /> preceeds KVM_SET_VCPU_EVENTS in the restore path, as an interrupt shadow<br /> would be correctly restored to vmcb02 (KVM_SET_VCPU_EVENTS overwrites<br /> what KVM_SET_NESTED_STATE restored in int_state).<br /> <br /> However, if KVM_SET_VCPU_EVENTS preceeds KVM_SET_NESTED_STATE, an<br /> interrupt shadow would be restored into vmcb01 instead of vmcb02. This<br /> would mostly be benign for L1 (delays an interrupt), but not for L2. For<br /> L2, the vCPU could hang (e.g. if a wakeup interrupt is delivered before<br /> a HLT that should have been in an interrupt shadow).<br /> <br /> Sync int_state to the cached vmcb12 in nested_sync_control_from_vmcb02()<br /> to avoid this problem. With that, KVM_SET_NESTED_STATE restores the<br /> correct interrupt shadow state, and if KVM_SET_VCPU_EVENTS follows it<br /> would overwrite it with the same value.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.8 (including) 5.10.258 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.209 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.175 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.140 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.12.86 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.13 (including) 6.18.27 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.19 (including) 7.0.4 (excluding)