CVE-2026-45987
CVSS v3.1 severity:
MEDIUM
Type:
Not available / Other type
Publication date:
27/05/2026
Last modified:
16/06/2026
Description
In the Linux kernel, the following vulnerability has been resolved:

KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2

After VMRUN in guest mode, nested_sync_control_from_vmcb02() syncs
fields written by the CPU from vmcb02 to the cached vmcb12. This is
because the cached vmcb12 is used as the authoritative copy of some of
the controls, and is the payload when saving/restoring nested state.

int_state is also written by the CPU, specifically bit 0 (i.e.
SVM_INTERRUPT_SHADOW_MASK) for nested VMs, but it is not sync'd to
cached vmcb12. This does not cause a problem if KVM_SET_NESTED_STATE
precedes KVM_SET_VCPU_EVENTS in the restore path, as an interrupt shadow
would be correctly restored to vmcb02 (KVM_SET_VCPU_EVENTS overwrites
what KVM_SET_NESTED_STATE restored in int_state).

However, if KVM_SET_VCPU_EVENTS precedes KVM_SET_NESTED_STATE, an
interrupt shadow would be restored into vmcb01 instead of vmcb02. This
would mostly be benign for L1 (delays an interrupt), but not for L2. For
L2, the vCPU could hang (e.g. if a wakeup interrupt is delivered before
a HLT that should have been in an interrupt shadow).

Sync int_state to the cached vmcb12 in nested_sync_control_from_vmcb02()
to avoid this problem. With that, KVM_SET_NESTED_STATE restores the
correct interrupt shadow state, and if KVM_SET_VCPU_EVENTS follows it
would overwrite it with the same value.
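
The restore-ordering problem described above, as a simplified C model (an added example, not kernel code and not part of the advisory). Only int_state is modelled; apart from SVM_INTERRUPT_SHADOW_MASK, the struct and helper names are hypothetical, and the two ioctls are reduced to what the description states about them.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SVM_INTERRUPT_SHADOW_MASK 1u /* bit 0 of int_state, per the description */

/* Simplified model (assumption): only the int_state field of each VMCB is tracked. */
struct vcpu {
    uint32_t vmcb01, vmcb02, cached_vmcb12;
    bool guest_mode; /* true: vmcb02 is the current VMCB */
};
/* What userspace carries across save/restore in this model. */
struct saved { uint32_t nested_int_state; bool shadow; };

/* After VMRUN of L2: copy the CPU-written int_state to cached vmcb12 (fix only). */
static void sync_from_vmcb02(struct vcpu *v, bool fixed) {
    if (fixed) v->cached_vmcb12 = v->vmcb02;
}
static struct saved save_state(const struct vcpu *v) {
    uint32_t cur = v->guest_mode ? v->vmcb02 : v->vmcb01;
    struct saved s = { v->cached_vmcb12, (cur & SVM_INTERRUPT_SHADOW_MASK) != 0 };
    return s;
}
/* Models KVM_SET_NESTED_STATE: payload is cached vmcb12, restored into vmcb02. */
static void set_nested_state(struct vcpu *v, const struct saved *s) {
    v->cached_vmcb12 = v->vmcb02 = s->nested_int_state;
    v->guest_mode = true;
}
/* Models KVM_SET_VCPU_EVENTS: writes the shadow into whichever VMCB is current. */
static void set_vcpu_events(struct vcpu *v, const struct saved *s) {
    uint32_t *cur = v->guest_mode ? &v->vmcb02 : &v->vmcb01;
    *cur = s->shadow ? (*cur | SVM_INTERRUPT_SHADOW_MASK) : (*cur & ~SVM_INTERRUPT_SHADOW_MASK);
}
/* Save an L2 vCPU that is inside an interrupt shadow, restore it in the given
 * ioctl order, and return the shadow bit L2 resumes with (1 = preserved). */
static uint32_t restored_l2_shadow(bool fixed, bool events_first, uint32_t *vmcb01_out) {
    struct vcpu src = { .vmcb02 = SVM_INTERRUPT_SHADOW_MASK, .guest_mode = true }, dst = {0};
    sync_from_vmcb02(&src, fixed);
    struct saved s = save_state(&src);
    if (events_first) { set_vcpu_events(&dst, &s); set_nested_state(&dst, &s); }
    else              { set_nested_state(&dst, &s); set_vcpu_events(&dst, &s); }
    if (vmcb01_out) *vmcb01_out = dst.vmcb01;
    return dst.vmcb02 & SVM_INTERRUPT_SHADOW_MASK;
}
int main(void) {
    for (int fixed = 0; fixed <= 1; fixed++)
        for (int ef = 0; ef <= 1; ef++)
            printf("fixed=%d events_first=%d -> L2 shadow=%u\n", fixed, ef,
                   restored_l2_shadow(fixed, ef, NULL));
    return 0;
}
```

Only the unfixed, events-first combination loses the shadow for L2; in that case the bit ends up in vmcb01 instead.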
Impact
Base score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | To |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.8 (including) | 5.10.258 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.209 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.175 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.140 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.86 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.18.27 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 7.0.4 (excluding) |
References to solutions, tools and information
- https://git.kernel.org/stable/c/03bee264f8ebfd39e0254c98e112d033a7aa9055
- https://git.kernel.org/stable/c/0c1f74d8b74d8a31751fb6ea5417e48e02c93b58
- https://git.kernel.org/stable/c/1709418535a8df95532999d61b03d59975280258
- https://git.kernel.org/stable/c/2f950eeb27af6885416232761700b8820cae0a61
- https://git.kernel.org/stable/c/497f6af9679fc9c6ce2f438e11ed5d51b1aa8297
- https://git.kernel.org/stable/c/4b44aa1a134e499c4517597118378b308602a16c
- https://git.kernel.org/stable/c/e0377e52f3c10ee572732d11b04625b7f517a862
- https://git.kernel.org/stable/c/e39a77a9b1e17d2d831c304eafac4c41a784a0be



