PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46032 Linux CVE debrief

A vulnerability in the Linux kernel's KVM nested virtualization (nSVM) subsystem could allow a malicious L2 guest to cause the host to continue execution with corrupted state. When loading L1's CR3 fails during a nested #VMEXIT, the nested_svm_vmexit() function previously returned an error code that was ignored by most callers, causing the hypervisor to continue running L1 with invalid state rather than triggering a shutdown as hardware would. The fix injects a triple fault to emulate hardware shutdown behavior and removes the return value to ensure consistent error handling.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-27
Original CVE updated
2026-05-27
Advisory published
2026-05-27
Advisory updated
2026-05-27

Who should care

Organizations running Linux KVM with nested virtualization enabled on AMD processors, cloud providers offering nested virtualization services, and security teams monitoring hypervisor integrity

Technical summary

The vulnerability exists in KVM's nested SVM implementation where nested_svm_vmexit() could fail to restore L1's CR3 during nested guest exit. Rather than causing a shutdown as AMD hardware specifies, the error return was ignored and execution continued with corrupted state. The resolution injects a triple fault to match hardware behavior and removes the problematic return value path.

Defensive priority

high

Recommended defensive actions

  • Apply kernel patches from stable branches (5d291ef0585ed880ed4dd71ea1a5965e0a65fb53, 9a738cf170a4a2332ea3a15e23ec65b5757fe4a1)
  • Update to latest stable Linux kernel with KVM fixes
  • Audit systems running nested virtualization with AMD SVM
  • Monitor for unexpected guest shutdowns or triple faults as potential exploitation indicators

Evidence notes

The CVE description and kernel commit references confirm this is a resolved vulnerability in KVM's nested SVM (AMD virtualization) implementation. The fix aligns guest behavior with AMD hardware specification (APM) which mandates shutdown on illegal host state load during #VMEXIT.

Official resources

2026-05-27