CVE Catalog

CVE-2026-46082

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile - higher than 7% of all known CVEs

Summary

A vulnerability in the Linux kernel has been resolved that affects KVM and SVM. The issue was that the INVLPGA instruction did not trigger a #UD error when EFER.SVME was set to 0.

Risk Assessment

The lack of proper error reporting may lead to unexpected behavior in the virtualization system, posing risks to the stability and security of the virtual environment.

Recommendation

It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and ensure proper functioning of virtualization mechanisms.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0 INVLPGA should cause a #UD when EFER.SVME is not set. Add a check to properly inject #UD when EFER.SVME=0. [sean: tag for stable@]

Vulnerability data from NVD (NIST) · CISA KEV · EPSS