CVE-2026-31591 PUBLISHED

KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish

Assigner: Linux
Reserved: 09.03.2026 Published: 24.04.2026 Updated: 24.04.2026

In the Linux kernel, the following vulnerability has been resolved:

KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish

Lock all vCPUs when synchronizing and encrypting VMSAs for SNP guests, as allowing userspace to manipulate and/or run a vCPU while its state is being synchronized would at best corrupt vCPU state, and at worst crash the host kernel.

Opportunistically assert that vcpu->mutex is held when synchronizing its VMSA (the SEV-ES path already locks vCPUs).

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 30fd9d8c82087742168db779929d8be0459b0716 (excl.) affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 4df77742e8b9a6b935bdf46f02fd0aca4d4ee7f5 (excl.) affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to c87938fc7d99a06a7e5477c45b4e5a4148f85d66 (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected unaffected from 6.18.24 to 6.18.* (incl.) unaffected from 6.19.14 to 6.19.* (incl.) unaffected from 7.0.1 to 7.0.* (incl.)

CVE-2026-31591 PUBLISHED

KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish

Product Status

References