CVE-2026-46071

Source
https://cve.org/CVERecord?id=CVE-2026-46071
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46071.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-46071
Downstream
Related
Published
2026-05-27T12:57:57.316Z
Modified
2026-06-26T11:56:30.666860856Z
Summary
KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12
Details

In the Linux kernel, the following vulnerability has been resolved:

KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12

svmcopylbrs() always marks VMCBLBR dirty in the destination VMCB. However, nestedsvm_vmexit() uses it to copy LBRs to vmcb12, and clearing clean bits in vmcb12 is not architecturally defined.

Move vmcbmarkdirty() to callers and drop it for vmcb12.

This also facilitates incoming refactoring that does not pass the entire VMCB to svmcopylbrs().

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46071.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d20c796ca3709801f8a7fa36e8770a3dd8ebd34e
Fixed
a3f0981a5a0e0bd51ad74cc7d9eed32294b24002
Fixed
9efe23568806d1cd06f7d146f9b3037b8d585a9f
Fixed
b53ab5167a81537777ac780bbd93d32613aa3bda

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46071.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.19.0
Fixed
6.18.27
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46071.json"