CVE Catalog

CVE-2026-46131

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

7th percentile - higher than 7% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel related to checking nEPT/nNPT in slow hypercall flushes. The issue lies in the incorrect checking of guest mode, which may lead to improper functioning of address translation features.

Risk Assessment

This vulnerability could lead to security issues in virtualized environments using nested EPT/NPT, potentially allowing unauthorized access to guest memory.

Recommendation

It is recommended to update the Linux kernel to the latest version to mitigate this vulnerability and ensure proper functioning of virtualization features.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: check for nEPT/nNPT in slow flush hypercalls Checking is_guest_mode(vcpu) is incorrect, because translate_nested_gpa() is only valid if an L2 guest is running *with nested EPT/NPT enabled*. Instead use the same condition as translate_nested_gpa() itself.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS