PatchSiren cyber security CVE debrief
CVE-2026-46295 Linux CVE debrief
A vulnerability was found in the KVM x86 module of the Linux kernel. In the __kvm_apic_update_irr function, the IRR scan is not performed correctly when the PIR is empty. This can lead to a spurious WARNING and a wasted L2 VM-Enter/VM-Exit cycle. The root cause is a race between vmx_sync_pir_to_irr() on the target vCPU and __vmx_deliver_posted_interrupt() on a sender vCPU.
- Vendor: Linux
- Product: Unknown
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-08
- Original CVE updated: 2026-06-08
- Advisory published: 2026-06-08
- Advisory updated: 2026-06-08
Who should care
Users of the Linux kernel, specifically those using KVM x86, should be aware of this vulnerability. This vulnerability may allow for a denial of service (DoS) attack.
Technical summary
The vulnerability occurs in the __kvm_apic_update_irr function, where the IRR scan is not performed correctly when the PIR is empty. This can lead to a spurious WARNING and a wasted L2 VM-Enter/VM-Exit cycle. The root cause of the issue is a race between vmx_sync_pir_to_irr() on the target vCPU and __vmx_deliver_posted_interrupt() on a sender vCPU.
Defensive priority
High
Recommended defensive actions
- Update the Linux kernel to the latest version
- Apply the patches provided by the Linux kernel maintainers
Evidence notes
The vulnerability was resolved by falling back to apic_find_highest_vector() when PID.ON is set but PIR turns out to be empty, to correctly report the highest pending interrupt from the existing IRR.
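A simplified user-space model of the fallback described above, added here as an illustration and not taken from the kernel source. It assumes the pre-fix path reports no pending vector (-1) when the PIR is empty; `harvest_pir`, `update_irr` and `run_case` are hypothetical names, and the bitmaps are constructed inputs.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of apic_find_highest_vector(): highest set bit in 256 bits, or -1. */
static int find_highest_vector(const uint32_t *bm)
{
    for (int v = 255; v >= 0; v--)
        if (bm[v / 32] & (1u << (v % 32)))
            return v;
    return -1;
}

/* Drain PIR into IRR; returns 1 if any PIR bit was set. */
static int harvest_pir(uint32_t *pir, uint32_t *irr)
{
    int found = 0;
    for (int i = 0; i < 8; i++) {
        found |= pir[i] != 0;
        irr[i] |= pir[i];
        pir[i] = 0;
    }
    return found;
}

/* fixed=0: assumed pre-fix shape, an empty PIR skips the IRR scan.
 * fixed=1: fall back to scanning the existing IRR, as the fix does. */
static int update_irr(uint32_t *pir, uint32_t *irr, int fixed)
{
    if (!harvest_pir(pir, irr) && !fixed)
        return -1; /* a vector already latched in the IRR goes unreported */
    return find_highest_vector(irr);
}

/* Constructed case: vectors to preload into PIR/IRR, -1 for none. */
static int run_case(int fixed, int pir_vec, int irr_vec)
{
    uint32_t pir[8] = {0}, irr[8] = {0};
    if (pir_vec >= 0) pir[pir_vec / 32] |= 1u << (pir_vec % 32);
    if (irr_vec >= 0) irr[irr_vec / 32] |= 1u << (irr_vec % 32);
    return update_irr(pir, irr, fixed);
}

int main(void)
{
    /* Race outcome: PID.ON seen set, PIR already empty, 0x41 in the IRR. */
    printf("before=%d after=%d\n", run_case(0, -1, 0x41), run_case(1, -1, 0x41));
    return 0;
}
```

The two variants differ only in the empty-PIR case; when the PIR still holds a vector, both report the same highest pending interrupt.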
Official resources
- CVE-2026-46295 CVE record (CVE.org)
- CVE-2026-46295 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67