CVE-2026-46076
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/05/2026
Last modified:
24/06/2026
Description
In the Linux kernel, the following vulnerability has been resolved:

KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1

Explicitly synthesize a #UD for VMMCALL if L2 is active, L1 does NOT want
to intercept VMMCALL, nested_svm_l2_tlb_flush_enabled() is true, and the
hypercall is something other than one of the supported Hyper-V hypercalls.
When all of the above conditions are met, KVM will intercept VMMCALL but
never forward it to L1, i.e. will let L2 make hypercalls as if it were L1.

The TLFS says a whole lot of nothing about this scenario, so go with the
architectural behavior, which says that VMMCALL #UDs if it's not
intercepted.

Opportunistically do a 2-for-1 stub trade by stub-ifying the new API
instead of the helpers it uses. The last remaining "single" stub will
soon be dropped as well.

[sean: rewrite changelog and comment, tag for stable, remove defunct stubs]
Impact
Base Score 3.x
7.90
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.12.86 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.18.27 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 7.0.4 (excluding) |
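
A triage helper for the table above, added here as an example and not part of the advisory or the kernel project: it checks whether an upstream kernel version string falls inside one of the three listed ranges. The function names are hypothetical, and the check assumes upstream version numbering; distribution kernels that backport fixes can report an in-range version while already carrying the patch.

```shell
#!/bin/sh
# Added example: is an upstream kernel version inside the affected ranges
# listed for CVE-2026-46076? Function names here are hypothetical.

# Turn "6.12.85" or "6.8.0-45-generic" into a comparable integer.
ver_num() {
    v=${1%%[!0-9.]*}            # keep only the leading x.y.z part
    old_ifs=$IFS; IFS=.
    set -- $v                   # split on dots into $1 $2 $3
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Succeeds (exit 0) when the version is >= "From" and < "Up to" in any row.
cve_2026_46076_affected() {
    n=$(ver_num "$1")
    while read -r from fixed; do
        [ -z "$from" ] && continue
        if [ "$n" -ge "$(ver_num "$from")" ] && [ "$n" -lt "$(ver_num "$fixed")" ]; then
            return 0
        fi
    done <<EOF
6.2 6.12.86
6.13 6.18.27
6.19 7.0.4
EOF
    return 1
}

report() {
    if cve_2026_46076_affected "$1"; then
        echo "$1: inside an affected upstream range"
    else
        echo "$1: outside the affected upstream ranges"
    fi
}

# Run as: sh check.sh "$(uname -r)"
if [ -n "${1:-}" ]; then report "$1"; fi
```

The issue concerns KVM's nested SVM handling, so an in-range result matters for hosts that run KVM guests with nested virtualization.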



