PatchSiren

CVE-2026-46059 Linux CVE debrief

A logic error in KVM's nested SVM (nSVM) implementation could cause incorrect NextRIP handling in vmcb02 after L2 guest state save/restore. The vulnerability affects nested virtualization scenarios where L1 disables NRIPS (NextRIP Save) and injects soft interrupts into L2. After the first L2 VMRUN, the CPU and/or KVM updates NextRIP, making the current RIP stale for subsequent vmcb02 usage. The fix ensures NextRIP from vmcb12 is always used after the first L2 run, with current RIP only used when a nested run is pending. This is a kernel-level virtualization bug with potential guest integrity implications.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Organizations running nested virtualization workloads on AMD hardware with KVM, particularly those using L1 hypervisors that disable NRIPS or inject soft interrupts into L2 guests. Cloud providers and enterprises with multi-tenant virtualization stacks should prioritize assessment.

Technical summary

The vulnerability exists in KVM's nested SVM implementation, where vmcb02's NextRIP field is incorrectly populated after L2 guest state save/restore operations. When NRIPS is disabled, the L1 hypervisor does not provide NextRIP for soft interrupt injection into L2, so KVM uses the current RIP as a substitute. However, after the first L2 VMRUN, hardware and/or KVM update NextRIP, rendering the current RIP stale. The fix modifies the logic to use NextRIP from vmcb12 after the first L2 run, with the current RIP only used when a nested run is pending. The same correction applies to soft_int_next_rip. This ensures consistent RIP advancement behavior across save/restore cycles and prevents potential guest execution flow corruption.
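The selection rule described above, before and after the fix, as an added example that models the logic and is not the kernel's own code. The struct, its field names and the RIP values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of the inputs to vmcb02's NextRIP; names are illustrative. */
struct l2_entry {
    bool     nrips_enabled;       /* false: L1 supplies no usable NextRIP */
    bool     nested_run_pending;  /* L1 issued VMRUN, L2 has not run yet */
    uint64_t vmcb12_next_rip;     /* NextRIP kept with the vmcb12 controls */
    uint64_t current_rip;         /* L2 RIP when vmcb02 is (re)built */
};

/* Before the fix: with NRIPS disabled, current RIP is always substituted. */
static uint64_t next_rip_before_fix(const struct l2_entry *e)
{
    return e->nrips_enabled ? e->vmcb12_next_rip : e->current_rip;
}

/* After the fix: current RIP is used only while a nested run is pending. */
static uint64_t next_rip_after_fix(const struct l2_entry *e)
{
    if (e->nrips_enabled || !e->nested_run_pending)
        return e->vmcb12_next_rip;
    return e->current_rip;
}

/* Constructed case: state restored after L2 has already run once. */
static const struct l2_entry restored = { false, false, 0x401002, 0x401000 };
/* Constructed case: first entry into L2, VMRUN still pending. */
static const struct l2_entry first_run = { false, true, 0, 0x401000 };

int main(void)
{
    printf("restored : before=%#llx after=%#llx\n",
           (unsigned long long)next_rip_before_fix(&restored),
           (unsigned long long)next_rip_after_fix(&restored));
    printf("first run: before=%#llx after=%#llx\n",
           (unsigned long long)next_rip_before_fix(&first_run),
           (unsigned long long)next_rip_after_fix(&first_run));
    return 0;
}
```

Only the restored case differs between the two functions, which matches the advisory's point that the problem appears after save/restore rather than on the first L2 entry.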

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates containing commits 3428ed1529a1af4cce5aff6c5bd2fcc39ad726bb, 69fe1411a5ce678b4da6489b5d2282b4e1d13acf, and 8d397582f6b5e9fbcf09781c7c934b4910e94a50 when available from your Linux distribution
  • Prioritize patching systems running nested virtualization (L1 hypervisors hosting L2 guests) with AMD SVM and NRIPS-disabled configurations
  • Monitor for stable kernel releases incorporating this fix across supported branches
  • Review nested virtualization deployments for reliance on soft interrupt injection to L2 guests
  • Validate guest integrity after applying patches if systems were potentially exposed prior to update

Evidence notes

CVE published 2026-05-27. Linux kernel commit references indicate stable branch backports. No CVSS score or severity assigned by NVD at time of disclosure.
