Instituto Nacional de Ciberseguridad (INCIBE). INCIBE-CERT section

CVE-2026-45987

CVSS v3.1 severity: MEDIUM
Type: Not available / Other type
Publication date: 27/05/2026
Last modified: 16/06/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2

After VMRUN in guest mode, nested_sync_control_from_vmcb02() syncs fields written by the CPU from vmcb02 to the cached vmcb12. This is because the cached vmcb12 is used as the authoritative copy of some of the controls, and is the payload when saving/restoring nested state.

int_state is also written by the CPU, specifically bit 0 (i.e. SVM_INTERRUPT_SHADOW_MASK) for nested VMs, but it is not sync'd to cached vmcb12. This does not cause a problem if KVM_SET_NESTED_STATE precedes KVM_SET_VCPU_EVENTS in the restore path, as an interrupt shadow would be correctly restored to vmcb02 (KVM_SET_VCPU_EVENTS overwrites what KVM_SET_NESTED_STATE restored in int_state).

However, if KVM_SET_VCPU_EVENTS precedes KVM_SET_NESTED_STATE, an interrupt shadow would be restored into vmcb01 instead of vmcb02. This would mostly be benign for L1 (delays an interrupt), but not for L2. For L2, the vCPU could hang (e.g. if a wakeup interrupt is delivered before a HLT that should have been in an interrupt shadow).

Sync int_state to the cached vmcb12 in nested_sync_control_from_vmcb02() to avoid this problem. With that, KVM_SET_NESTED_STATE restores the correct interrupt shadow state, and if KVM_SET_VCPU_EVENTS follows it would overwrite it with the same value.
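
The two restore orderings described above, as a simplified C model added here (not kernel code and not part of the advisory): each VMCB is reduced to its int_state field, and the helper names save_l2, set_nested_state, set_vcpu_events and l2_shadow_after_restore are hypothetical. The `fixed` flag selects whether int_state is synced to the cached vmcb12 before saving.

```c
#include <stdbool.h>
#include <stdio.h>
#define SVM_INTERRUPT_SHADOW_MASK 1u /* bit 0 of int_state */

/* Toy model (assumption): each VMCB is reduced to its int_state field. */
struct vcpu { unsigned vmcb01, vmcb02, cached_vmcb12; bool guest_mode; };
struct saved { unsigned nested_int_state, events_shadow; };

/* After VMRUN of L2: sync CPU-written fields from vmcb02 to cached vmcb12. */
static void nested_sync_control_from_vmcb02(struct vcpu *v, bool fixed)
{
    if (fixed) /* the fix syncs int_state too */
        v->cached_vmcb12 = v->vmcb02;
}
/* Save while L2 sits in an interrupt shadow (constructed scenario). */
static struct saved save_l2(bool fixed)
{
    struct vcpu v = { .vmcb02 = SVM_INTERRUPT_SHADOW_MASK, .guest_mode = true };
    nested_sync_control_from_vmcb02(&v, fixed);
    /* nested payload = cached vmcb12; events = live shadow from vmcb02 */
    return (struct saved){ v.cached_vmcb12, v.vmcb02 & SVM_INTERRUPT_SHADOW_MASK };
}
/* Models KVM_SET_NESTED_STATE: enter guest mode, rebuild vmcb02 from payload. */
static void set_nested_state(struct vcpu *v, const struct saved *s)
{
    v->guest_mode = true;
    v->cached_vmcb12 = v->vmcb02 = s->nested_int_state;
}
/* Models KVM_SET_VCPU_EVENTS: the shadow lands in whichever VMCB is current. */
static void set_vcpu_events(struct vcpu *v, const struct saved *s)
{
    unsigned *cur = v->guest_mode ? &v->vmcb02 : &v->vmcb01;
    *cur = (*cur & ~SVM_INTERRUPT_SHADOW_MASK) | s->events_shadow;
}
/* L2's interrupt shadow bit after a save/restore round trip. */
unsigned l2_shadow_after_restore(bool fixed, bool events_first)
{
    struct saved s = save_l2(fixed);
    struct vcpu v = { 0 };
    if (events_first) { set_vcpu_events(&v, &s); set_nested_state(&v, &s); }
    else              { set_nested_state(&v, &s); set_vcpu_events(&v, &s); }
    return v.vmcb02 & SVM_INTERRUPT_SHADOW_MASK;
}
int main(void)
{
    for (int i = 0; i < 4; i++)
        printf("fixed=%d events_first=%d -> L2 shadow=%u\n", i >> 1, i & 1,
               l2_shadow_after_restore(i >> 1, i & 1));
    return 0;
}
```

Only the unfixed, events-first combination loses the L2 interrupt shadow in this model, which is the case the description identifies as able to hang the L2 vCPU.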

Vulnerable products and versions

CPE                                             From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    5.8 (including)    5.10.258 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    5.11 (including)   5.15.209 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    5.16 (including)   6.1.175 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.2 (including)    6.6.140 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.7 (including)    6.12.86 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.13 (including)   6.18.27 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.19 (including)   7.0.4 (excluding)