CVE-2026-46014
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/05/2026
Last modified:
16/06/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
KVM: SVM: Add missing save/restore handling of LBR MSRs<br />
<br />
MSR_IA32_DEBUGCTLMSR and LBR MSRs are currently not enumerated by<br />
KVM_GET_MSR_INDEX_LIST, and LBR MSRs cannot be set with KVM_SET_MSRS. So<br />
save/restore is completely broken.<br />
<br />
Fix it by adding the MSRs to msrs_to_save_base, and allowing writes to<br />
LBR MSRs from userspace only (as they are read-only MSRs) if LBR<br />
virtualization is enabled. Additionally, to correctly restore L1&#39;s LBRs<br />
while L2 is running, make sure the LBRs are copied from the captured<br />
VMCB01 save area in svm_copy_vmrun_state().<br />
<br />
Note, for VMX, this also fixes a flaw where MSR_IA32_DEBUGCTLMSR isn&#39;t<br />
reported as an MSR to save/restore.<br />
<br />
Note #2, over-reporting MSR_IA32_LASTxxx on Intel is ok, as KVM already<br />
handles unsupported reads and writes thanks to commit b5e2fec0ebc3 ("KVM:<br />
Ignore DEBUGCTL MSRs with no effect") (kvm_do_msr_access() will morph the<br />
unsupported userspace write into a nop).<br />
<br />
[sean: guard with lbrv checks, massage changelog]
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 2.6.26 (including) | 6.18.27 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 7.0.4 (excluding) |
To consult the complete list of CPE names with products and versions, see this page



