HIGHCVE-2026-43133Published Modified CNA Linux
CVE-2026-43133: KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation Commit cc3ed80ae69f ("KVM: nSVM: always use vmcb01 to for vmsave/vmload of guest state") made KVM always use vmcb01 for the fields controlled by VMSAVE/VMLOAD, but it missed updating the VMLOAD/VMSAVE emulation code to always use vmcb01. As a result, if VMSAVE/VMLOAD is executed by an L2 guest and is not intercepted by L1, KVM will mistakenly use vmcb02. Always use vmcb01 instead of the current VMCB.
Metrics
- CVSS v3.1
- 7.9
- Severity
- HIGH
- Fixed in
- 0
- Affected Products
- 2
Fix available
00004ecb798b30e90d7ebfe74efae2d9423315a6410063e1251c1485034a018236080792ad083dcc5127ccae2c185f62e6ecb4bf24f9cb307e9b9c6193880e331b0b31d0d5d3702b124f6c93539cd478a5.15.2026.1.1656.6.1286.12.756.18.166.19.67.0c3b7015000988ba35ecd5648f4b2283960f00543d464cf1ed900d47c85393d40b00017b6adfc2e6cfce2fd4a2ca05670a91015aacccf96a1c26268fd
Affected packages
- Linux / Linux< 10063e1251c1485034a018236080792ad083dcc5 (from cc3ed80ae69f454c3d904af9f65394a540099723) · < c3b7015000988ba35ecd5648f4b2283960f00543 (from cc3ed80ae69f454c3d904af9f65394a540099723) · < 3880e331b0b31d0d5d3702b124f6c93539cd478a (from cc3ed80ae69f454c3d904af9f65394a540099723) · < fce2fd4a2ca05670a91015aacccf96a1c26268fd (from cc3ed80ae69f454c3d904af9f65394a540099723) · < d464cf1ed900d47c85393d40b00017b6adfc2e6c (from cc3ed80ae69f454c3d904af9f65394a540099723) · < 0004ecb798b30e90d7ebfe74efae2d9423315a64 (from cc3ed80ae69f454c3d904af9f65394a540099723)
- Linux / Linux5.13Fixed in 0, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H