CVE-2026-46014

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/05/2026
Last modified:
16/06/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> KVM: SVM: Add missing save/restore handling of LBR MSRs<br /> <br /> MSR_IA32_DEBUGCTLMSR and LBR MSRs are currently not enumerated by<br /> KVM_GET_MSR_INDEX_LIST, and LBR MSRs cannot be set with KVM_SET_MSRS. So<br /> save/restore is completely broken.<br /> <br /> Fix it by adding the MSRs to msrs_to_save_base, and allowing writes to<br /> LBR MSRs from userspace only (as they are read-only MSRs) if LBR<br /> virtualization is enabled. Additionally, to correctly restore L1&amp;#39;s LBRs<br /> while L2 is running, make sure the LBRs are copied from the captured<br /> VMCB01 save area in svm_copy_vmrun_state().<br /> <br /> Note, for VMX, this also fixes a flaw where MSR_IA32_DEBUGCTLMSR isn&amp;#39;t<br /> reported as an MSR to save/restore.<br /> <br /> Note #2, over-reporting MSR_IA32_LASTxxx on Intel is ok, as KVM already<br /> handles unsupported reads and writes thanks to commit b5e2fec0ebc3 ("KVM:<br /> Ignore DEBUGCTL MSRs with no effect") (kvm_do_msr_access() will morph the<br /> unsupported userspace write into a nop).<br /> <br /> [sean: guard with lbrv checks, massage changelog]

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 2.6.26 (including) 6.18.27 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.19 (including) 7.0.4 (excluding)