HarborGuard / CVE
Back to search
HIGHCVE-2026-46113Published Modified CNA Linux

CVE-2026-46113: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN The shadow MMU computes GFNs for direct shadow pages using sp->gfn plus the SPTE index. This assumption breaks for shadow paging if the guest page tables are modified between VM entries (similar to commit aad885e77496, "KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE", 2026-03-27). The flow is as follows: - a PDE is installed for a 2MB mapping, and a page in that area is accessed. KVM creates a kvm_mmu_page consisting of 512 4KB pages; the kvm_mmu_page is marked by FNAME(fetch) as direct-mapped because the guest's mapping is a huge page (and thus contiguous). - the PDE mapping is changed from outside the guest. - the guest accesses another page in the same 2MB area. KVM installs a new leaf SPTE and rmap entry; the SPTE uses the "correct" GFN (i.e. based on the new mapping, as changed in the previous step) but that GFN is outside of the [sp->gfn, sp->gfn + 511] range; therefore the rmap entry cannot be found and removed when the kvm_mmu_page is zapped. - the memslot that covers the first 2MB mapping is deleted, and the kvm_mmu_page for the now-invalid GPA is zapped. However, rmap_remove() only looks at the [sp->gfn, sp->gfn + 511] range established in step 1, and fails to find the rmap entry that was recorded by step 3. - any operation that causes an rmap walk for the same page accessed by step 3 then walks a stale rmap and dereferences a freed kvm_mmu_page. This includes dirty logging or MMU notifier invalidations (e.g., from MADV_DONTNEED). The underlying issue is that KVM's walking of shadow PTEs assumes that if a SPTE is present when KVM wants to install a non-leaf SPTE, then the existing kvm_mmu_page must be for the correct gfn. Because the only way for the gfn to be wrong is if KVM messed up and failed to zap a SPTE... which shouldn't happen, but *actually* only happens in response to a guest write. That bug dates back literally forever, as even the first version of KVM assumes that the GFN matches and walks into the "wrong" shadow page. However, that was only an imprecision until 2032a93d66fa ("KVM: MMU: Don't allocate gfns page for direct mmu pages") came along. Fix it by checking for a target gfn mismatch and zapping the existing SPTE. That way the old SP and rmap entries are gone, KVM installs the rmap in the right location, and everyone is happy.

HarborGuard Analysis

HarborGuard analysis

Synopsis

A use-after-free vulnerability in the Linux kernel's KVM x86 shadow paging subsystem allows a local attacker with low-level privileges to corrupt kernel memory. The flaw is reachable locally from within a guest virtual machine and requires no user interaction, making it exploitable by any account that can run KVM-based workloads on the host. Successful exploitation gives the attacker full read, write, and execution control over the affected host kernel. A patched-image rebuild at the fix commits is available on HarborGuard for environments running an affected kernel version.

HarborGuard Coverage

Detection

Detection of CVE-2026-46113 is available across every HarborGuard environment. The CVE is ingested from upstream feeds within minutes of publication and matched against container images in customer registries and CI/CD pipelines, including custom-built images that carry an affected kernel or kernel-module package.

Available
Triage

Triage is available with a CVSS v3.1 base score of 8.8 (HIGH), weighted further by each customer environment's compliance policy to prioritize workloads running KVM-backed virtualization stacks. Findings are routed automatically to the inbox configured for the owning team inside each customer organization.

Available
Patch

A patched-image rebuild at the fix commits is available for environments running an affected kernel version. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression test suite, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled.

Available

Exploit Conditions

  • Network reachabilityNot required

    The attacker needs an existing shell or process on the host; no network access to the vulnerable service is required.

  • AuthenticationRequired

    Any low-privilege local account (or unprivileged guest VM process) is sufficient to trigger the vulnerable KVM shadow-paging path.

  • Victim interactionNot required

    No user or administrator action is needed after the attacker gains their foothold; exploitation is fully attacker-driven.

  • Attack complexityDetail

    Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, special memory layouts, or other environmental factors beyond having a local foothold.

Blast Radius

  • The attacker reads arbitrary kernel memory from the host, including cryptographic keys, process credentials, and memory belonging to other guest VMs.
  • The attacker writes to arbitrary kernel memory, modifying security-critical data structures such as task credentials or security module state.
  • The attacker can achieve arbitrary code execution in the host kernel context, giving full control over the physical host and all workloads running on it.
  • All other guest VMs co-located on the same physical host are exposed to data theft or tampering through the compromised host kernel.

How HarborGuard Handles This

Available on HarborGuard: detection fires within minutes of CVE publication and matches every image carrying an affected Linux kernel package, including internally built base images. For environments running an affected kernel version, a patched-image rebuild at the upstream fix commits becomes available automatically. Customers who opt into auto-remediation receive a rebuilt image, a regression test run, and a PR opened against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled. Where compliance policy requires manual approval, the finding is queued at HIGH severity and routed to the team inbox configured for the affected workload. Given the scope change (S:C) in the CVSS vector, prioritizing this CVE for any host running multi-tenant or shared KVM workloads is strongly warranted.

See how HarborGuard automates this

Metrics

CVSS v3.1
8.8
Severity
HIGH
Fixed in
0
Affected Products
2

Fix available

006c19c967b845b63172601fe459667d973b7e6b70cb2af2ea66ad8ff195c156ea690f11216285bdf14d1e55dfd2cf4711bff164a6aaaddb783552134488e386484ec8c0e558be6e156edf34ed9f4d5c86.6.1406.12.886.18.307.0.77.1-rc3738ec97b1855df6c08fe2369f798fa0b972e556b
Affected packages
  • Linux / Linux
    < 488e386484ec8c0e558be6e156edf34ed9f4d5c8 (from 6aa8b732ca01c3d7a54e93f4d701b8aabbe60fb7) · < 06c19c967b845b63172601fe459667d973b7e6b7 (from 6aa8b732ca01c3d7a54e93f4d701b8aabbe60fb7) · < 738ec97b1855df6c08fe2369f798fa0b972e556b (from 6aa8b732ca01c3d7a54e93f4d701b8aabbe60fb7) · < 14d1e55dfd2cf4711bff164a6aaaddb783552134 (from 6aa8b732ca01c3d7a54e93f4d701b8aabbe60fb7) · < 0cb2af2ea66ad8ff195c156ea690f11216285bdf (from 6aa8b732ca01c3d7a54e93f4d701b8aabbe60fb7)
  • Linux / Linux
    2.6.20
    Fixed in 0, 6.6.140, 6.12.88, 6.18.30, 7.0.7, 7.1-rc3
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
References