Home

Description

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Triple fault if restore host CR3 fails on nested #VMEXIT If loading L1's CR3 fails on a nested #VMEXIT, nested_svm_vmexit() returns an error code that is ignored by most callers, and continues to run L1 with corrupted state. A sane recovery is not possible in this case, and HW behavior is to cause a shutdown. Inject a triple fault instead, and do not return early from nested_svm_vmexit(). Continue cleaning up the vCPU state (e.g. clear pending exceptions), to handle the failure as gracefully as possible. From the APM: Upon #VMEXIT, the processor performs the following actions in order to return to the host execution context: ... if (illegal host state loaded, or exception while loading host state) shutdown else execute first host instruction following the VMRUN Remove the return value of nested_svm_vmexit(), which is mostly unchecked anyway.

PUBLISHED Reserved 2026-05-13 | Published 2026-05-27 | Updated 2026-05-27 | Assigner Linux

Product status

Default status
unaffected

d82aaef9c88aa27bce63751d6d6329920b1fe8da (git) before 9a738cf170a4a2332ea3a15e23ec65b5757fe4a1
affected

d82aaef9c88aa27bce63751d6d6329920b1fe8da (git) before 5d291ef0585ed880ed4dd71ea1a5965e0a65fb53
affected

Default status
affected

5.9
affected

Any version before 5.9
unaffected

7.0.4 (semver)
unaffected

7.1-rc1 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/9a738cf170a4a2332ea3a15e23ec65b5757fe4a1

git.kernel.org/...c/5d291ef0585ed880ed4dd71ea1a5965e0a65fb53

cve.org (CVE-2026-46032)

nvd.nist.gov (CVE-2026-46032)

Download JSON