Home

Description

In the Linux kernel, the following vulnerability has been resolved: mshv: Fix infinite fault loop on permission-denied GPA intercepts Prevent infinite fault loops when guests access memory regions without proper permissions. Currently, mshv_handle_gpa_intercept() attempts to remap pages for all faults on movable memory regions, regardless of whether the access type is permitted. When a guest writes to a read-only region, the remap succeeds but the region remains read-only, causing immediate re-fault and spinning the vCPU indefinitely. Validate intercept access type against region permissions before attempting remaps. Reject writes to non-writable regions and executes to non-executable regions early, returning false to let the VMM handle the intercept appropriately. This also closes a potential DoS vector where malicious guests could intentionally trigger these fault loops to consume host resources.

PUBLISHED Reserved 2026-05-01 | Published 2026-05-06 | Updated 2026-05-06 | Assigner Linux

Product status

Default status
unaffected

b9a66cd5ccbb9fade15d0e427e19470d8ad35b75 (git) before 02226839079ccc558820a3b25c4c46812927b4ba
affected

b9a66cd5ccbb9fade15d0e427e19470d8ad35b75 (git) before 16cbec24897624051b324aa3a85859c38ca65fde
affected

Default status
affected

6.19
affected

Any version before 6.19
unaffected

6.19.14 (semver)
unaffected

7.0 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/02226839079ccc558820a3b25c4c46812927b4ba

git.kernel.org/...c/16cbec24897624051b324aa3a85859c38ca65fde

cve.org (CVE-2026-43096)

nvd.nist.gov (CVE-2026-43096)

Download JSON