PatchSiren

CVE-2026-46071 Linux CVE debrief

A vulnerability in the Linux kernel's KVM (Kernel-based Virtual Machine) nested SVM (Secure Virtual Machine) implementation has been resolved. The issue involved improper handling of VMCB (Virtual Machine Control Block) clean bits during nested VM exits. Specifically, the `svm_copy_lbrs()` function always marked the VMCB_LBR (Last Branch Record) field as dirty in the destination VMCB. When `nested_svm_vmexit()` used this function to copy LBRs to vmcb12 (the guest's VMCB), it would clear clean bits in vmcb12—a behavior that is not architecturally defined by AMD's SVM specification. The fix moves the `vmcb_mark_dirty()` call to the appropriate callers and removes it for vmcb12 operations, ensuring architectural compliance and preventing potential state corruption during nested virtualization transitions.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Organizations running Linux-based virtualization infrastructure with AMD processors and nested virtualization enabled; cloud providers offering nested virtualization capabilities; and security teams managing kernel patch cycles for hypervisor hosts.

Technical summary

The vulnerability existed in the KVM nSVM (nested SVM) subsystem where `svm_copy_lbrs()` unconditionally marked VMCB_LBR as dirty via `vmcb_mark_dirty()`. When `nested_svm_vmexit()` invoked this function to copy LBR state to vmcb12, the dirty bit marking in the guest VMCB violated architectural specifications—AMD SVM does not define clean bit semantics for vmcb12. The resolution refactors the code to move dirty-bit marking to callers, eliminating the undefined behavior for nested guest VMCBs. This change also enables future refactoring that avoids passing entire VMCB structures to `svm_copy_lbrs()`.
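
A simplified userspace model of the change described above, added here as an illustration and not the kernel's own code. The struct layout, the bit index used for `VMCB_LBR`, the `_before`/`_after` function names, the `src_vmcb` source and the sample LBR values are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not kernel code; bit index and layout are assumptions. */
#define VMCB_LBR 10u
struct lbr_state { uint64_t dbgctl, br_from, br_to, last_excp_from, last_excp_to; };
struct vmcb { uint32_t clean; struct lbr_state lbr; };
/* Clearing a clean bit marks that field group as dirty (modified). */
static void vmcb_mark_dirty(struct vmcb *v, unsigned bit) { v->clean &= ~(1u << bit); }

/* Before the fix: the copy helper always dirties the destination. */
static void svm_copy_lbrs_before(struct vmcb *to, const struct vmcb *from)
{
    to->lbr = from->lbr;
    vmcb_mark_dirty(to, VMCB_LBR);
}

/* After the fix: the helper only copies; each caller decides about dirtying. */
static void svm_copy_lbrs_after(struct vmcb *to, const struct vmcb *from) { to->lbr = from->lbr; }

/* Constructed sample LBR values standing in for the source VMCB. */
static const struct vmcb src_vmcb = { 0, { 0x1, 0x401000, 0x402000, 0, 0 } };

/* Nested exit path: LBRs are copied into vmcb12; returns its clean field. */
uint32_t nested_vmexit_clean(int fixed, uint32_t vmcb12_clean)
{
    struct vmcb vmcb12 = { vmcb12_clean, { 0, 0, 0, 0, 0 } };
    if (fixed)
        svm_copy_lbrs_after(&vmcb12, &src_vmcb);
    else
        svm_copy_lbrs_before(&vmcb12, &src_vmcb);
    return vmcb12.clean;
}

/* A caller whose destination VMCB is run by the CPU keeps the dirty marking. */
uint32_t hw_dest_clean(uint32_t dest_clean)
{
    struct vmcb dest = { dest_clean, { 0, 0, 0, 0, 0 } };
    svm_copy_lbrs_after(&dest, &src_vmcb);
    vmcb_mark_dirty(&dest, VMCB_LBR);
    return dest.clean;
}

int main(void)
{
    printf("vmcb12 clean: before fix 0x%08x, after fix 0x%08x\n",
           nested_vmexit_clean(0, 0xffffffffu), nested_vmexit_clean(1, 0xffffffffu));
    return 0;
}
```

In the model, the pre-fix path clears the LBR bit in the clean field that belongs to vmcb12, while the post-fix path leaves that field exactly as it was and only the hardware-facing caller clears the bit.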

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates containing the referenced stable commits when available from your Linux distribution
  • For systems running nested virtualization with AMD SVM, prioritize kernel updates to prevent potential VM state corruption
  • Monitor vendor security advisories for kernel package updates addressing this issue
  • Review nested virtualization configurations and consider disabling nested SVM if not required until patches are applied

Evidence notes

The vulnerability description indicates this was a logic error in nested virtualization state management rather than a memory safety issue. The fix involves code refactoring to properly separate dirty-bit marking between host and guest VMCB contexts. No CVSS score has been assigned as of the CVE publication date.

Official resources

2026-05-27