CVE-2026-46076

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/05/2026
Last modified:
24/06/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> KVM: nSVM: Raise #UD if unhandled VMMCALL isn&amp;#39;t intercepted by L1<br /> <br /> Explicitly synthesize a #UD for VMMCALL if L2 is active, L1 does NOT want<br /> to intercept VMMCALL, nested_svm_l2_tlb_flush_enabled() is true, and the<br /> hypercall is something other than one of the supported Hyper-V hypercalls.<br /> When all of the above conditions are met, KVM will intercept VMMCALL but<br /> never forward it to L1, i.e. will let L2 make hypercalls as if it were L1.<br /> <br /> The TLFS says a whole lot of nothing about this scenario, so go with the<br /> architectural behavior, which says that VMMCALL #UDs if it&amp;#39;s not<br /> intercepted.<br /> <br /> Opportunistically do a 2-for-1 stub trade by stub-ifying the new API<br /> instead of the helpers it uses. The last remaining "single" stub will<br /> soon be dropped as well.<br /> <br /> [sean: rewrite changelog and comment, tag for stable, remove defunct stubs]

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.12.86 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.13 (including) 6.18.27 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.19 (including) 7.0.4 (excluding)