CVE-2026-46147

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu()<br /> <br /> Two bugs exist in the vCPU initialisation path:<br /> <br /> 1. If a check fails after hyp_pin_shared_mem() succeeds, the cleanup<br /> path jumps to &amp;#39;unlock&amp;#39; without calling unpin_host_vcpu() or<br /> unpin_host_sve_state(), permanently leaking pin references on the<br /> host vCPU and SVE state pages.<br /> <br /> Extract a register_hyp_vcpu() helper that performs the checks and<br /> the store. When register_hyp_vcpu() returns an error, call<br /> unpin_host_vcpu() and unpin_host_sve_state() inline before falling<br /> through to the existing &amp;#39;unlock&amp;#39; label.<br /> <br /> 2. register_hyp_vcpu() publishes the new vCPU pointer into<br /> &amp;#39;hyp_vm-&gt;vcpus[]&amp;#39; with a bare store, allowing a concurrent caller<br /> of pkvm_load_hyp_vcpu() to observe a partially initialised vCPU<br /> object.<br /> <br /> Ensure the store uses smp_store_release() and the load uses<br /> smp_load_acquire(). While &amp;#39;vm_table_lock&amp;#39; currently serialises the<br /> store and the load, these barriers ensure the reader sees the fully<br /> initialised &amp;#39;hyp_vcpu&amp;#39; object even if there were a lockless path or<br /> if the lock&amp;#39;s own ordering guarantees were insufficient for nested<br /> object initialization.