CVE-2026-46071 PUBLISHED

KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12

Assigner: Linux
Reserved: 13.05.2026 Published: 27.05.2026 Updated: 27.05.2026

In the Linux kernel, the following vulnerability has been resolved:

KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12

svm_copy_lbrs() always marks VMCB_LBR dirty in the destination VMCB. However, nested_svm_vmexit() uses it to copy LBRs to vmcb12, and clearing clean bits in vmcb12 is not architecturally defined.

Move vmcb_mark_dirty() to callers and drop it for vmcb12.

This also facilitates incoming refactoring that does not pass the entire VMCB to svm_copy_lbrs().

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from d20c796ca3709801f8a7fa36e8770a3dd8ebd34e to a3f0981a5a0e0bd51ad74cc7d9eed32294b24002 (excl.) affected from d20c796ca3709801f8a7fa36e8770a3dd8ebd34e to 9efe23568806d1cd06f7d146f9b3037b8d585a9f (excl.) affected from d20c796ca3709801f8a7fa36e8770a3dd8ebd34e to b53ab5167a81537777ac780bbd93d32613aa3bda (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 5.19 is affected unaffected from 0 to 5.19 (excl.) unaffected from 6.18.27 to 6.18.* (incl.) unaffected from 7.0.4 to 7.0.* (incl.) unaffected from 7.1-rc1 to * (incl.)

CVE-2026-46071 PUBLISHED

KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12

Product Status

References