PatchSiren

CVE-2026-45987 Linux CVE debrief

A state synchronization flaw in the Linux kernel's KVM nested virtualization (nSVM) implementation can cause L2 guest vCPUs to hang after nested state is restored. The interrupt shadow state (int_state bit 0, SVM_INTERRUPT_SHADOW_MASK), which the CPU writes during VMRUN, was not synchronized to the cached vmcb12 structure. When KVM_SET_VCPU_EVENTS precedes KVM_SET_NESTED_STATE during state restoration, the interrupt shadow is incorrectly restored to vmcb01 instead of vmcb02. For L2 guests, the vCPU can then hang, for example when a wakeup interrupt arrives before a HLT instruction that should have been in an interrupt shadow. The fix synchronizes int_state to the cached vmcb12 in nested_sync_control_from_vmcb02(), so the interrupt shadow is restored consistently regardless of the order of the KVM ioctls.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Organizations running nested virtualization with KVM on AMD SVM hardware; cloud providers offering nested virtualization; Linux kernel maintainers; virtualization security teams

Technical summary

The vulnerability is in KVM's nested SVM (nSVM) implementation. After VMRUN in guest mode, nested_sync_control_from_vmcb02() synchronizes the fields written by the CPU from vmcb02 to the cached vmcb12, which serves as the authoritative control state and as the payload for nested state save/restore. However, int_state (specifically bit 0, SVM_INTERRUPT_SHADOW_MASK, for nested VMs) was not synchronized. When KVM_SET_VCPU_EVENTS precedes KVM_SET_NESTED_STATE during restoration, the interrupt shadow is restored to vmcb01 instead of vmcb02. For L2 guests, this can cause vCPU hangs if a wakeup interrupt arrives before a HLT instruction that should have been in an interrupt shadow. The fix adds int_state synchronization to nested_sync_control_from_vmcb02().
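
The restore-order dependency described above, as an added example that is neither kernel code nor taken from the CVE record: a simplified C model that tracks only int_state. The model_* names, the struct layout and the fixed flag are hypothetical; the model assumes KVM_SET_VCPU_EVENTS writes the shadow to the currently active VMCB and KVM_SET_NESTED_STATE fills vmcb02 from the saved vmcb12 payload.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SVM_INTERRUPT_SHADOW_MASK 1u /* int_state bit 0, per the CVE text */
/* Simplified model (assumption), not kernel code: only int_state is tracked. */
struct model_vcpu {
    uint32_t vmcb01_int_state, vmcb02_int_state; /* L1's VMCB; VMCB that runs L2 */
    uint32_t cached_vmcb12_int_state;            /* nested state save/restore payload */
    bool guest_mode;
};

/* Models nested_sync_control_from_vmcb02(); 'fixed' selects patched behaviour. */
static void model_sync_from_vmcb02(struct model_vcpu *v, bool fixed)
{
    if (fixed) v->cached_vmcb12_int_state = v->vmcb02_int_state;
}

/* Models KVM_SET_VCPU_EVENTS: the shadow lands in whichever VMCB is current. */
static void model_set_vcpu_events(struct model_vcpu *v, bool shadow)
{
    uint32_t *cur = v->guest_mode ? &v->vmcb02_int_state : &v->vmcb01_int_state;
    *cur = shadow ? SVM_INTERRUPT_SHADOW_MASK : 0;
}

/* Models KVM_SET_NESTED_STATE: enter guest mode, fill vmcb02 from the payload. */
static void model_set_nested_state(struct model_vcpu *v, uint32_t saved_int_state)
{
    v->guest_mode = true;
    v->vmcb02_int_state = v->cached_vmcb12_int_state = saved_int_state;
}

/* Save an L2 vCPU that sits in an interrupt shadow, restore it, report vmcb02. */
static bool l2_shadow_after_restore(bool fixed, bool events_first)
{
    struct model_vcpu src = { .vmcb02_int_state = SVM_INTERRUPT_SHADOW_MASK, .guest_mode = true };
    struct model_vcpu dst = { 0 };
    model_sync_from_vmcb02(&src, fixed); /* runs after VMRUN of L2 */
    if (events_first) model_set_vcpu_events(&dst, true);
    model_set_nested_state(&dst, src.cached_vmcb12_int_state);
    if (!events_first) model_set_vcpu_events(&dst, true);
    return dst.vmcb02_int_state & SVM_INTERRUPT_SHADOW_MASK;
}

int main(void)
{
    for (int i = 0; i < 4; i++)
        printf("fixed=%d events_first=%d -> L2 shadow restored: %d\n", i >> 1, i & 1, l2_shadow_after_restore(i >> 1, i & 1));
    return 0;
}
```

In this model only the unpatched sync combined with KVM_SET_VCPU_EVENTS issued first loses the L2 interrupt shadow; the other three combinations restore it to vmcb02.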

Defensive priority

medium

Recommended defensive actions

  • Apply the relevant stable kernel patch for your kernel version from the Linux kernel stable tree
  • Verify KVM nested virtualization workloads are running on patched kernels
  • Monitor for kernel updates that assign CVSS scoring and severity ratings
  • Review VM snapshot/restore procedures for the order of KVM ioctls (the hang requires KVM_SET_VCPU_EVENTS to precede KVM_SET_NESTED_STATE) as a defense-in-depth measure

Evidence notes

The vulnerability description is sourced from the official CVE record published 2026-05-27. The fix involves synchronizing the int_state field to cached vmcb12 in nested_sync_control_from_vmcb02(). Multiple stable kernel commits are referenced in the NVD record. No CVSS score or severity has been assigned as of the modified date (2026-05-27). The vendor is identified as the Linux kernel project based on source domain evidence.
