CVE-2026-43483

MEDIUM EPSS 1.8%
Published May 13, 20261mo ago · Modified Jun 26, 20263d ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 13, 2026 1mo ago
Last Modified Jun 26, 2026 3d ago

Description

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated Explicitly set/clear CR8 write interception when AVIC is (de)activated to fix a bug where KVM leaves the interception enabled after AVIC is activated. E.g. if KVM emulates INIT=>WFS while AVIC is deactivated, CR8 will remain intercepted in perpetuity. On its own, the dangling CR8 intercept is "just" a performance issue, but combined with the TPR sync bug fixed by commit d02e48830e3f ("KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active"), the danging intercept is fatal to Windows guests as the TPR seen by hardware gets wildly out of sync with reality. Note, VMX isn't affected by the bug as TPR_THRESHOLD is explicitly ignored when Virtual Interrupt Delivery is enabled, i.e. when APICv is active in KVM's world. I.e. there's no need to trigger update_cr8_intercept(), this is firmly an SVM implementation flaw/detail. WARN if KVM gets a CR8 write #VMEXIT while AVIC is active, as KVM should never enter the guest with AVIC enabled and CR8 writes intercepted. [Squash fix to avic_deactivate_vmcb. - Paolo]

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
1.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 8

VendorProductVersionRange
linuxlinux_kernel*≥4.7  –  <6.1.167
linuxlinux_kernel*≥6.2  –  <6.6.130
linuxlinux_kernel*≥6.7  –  <6.12.78
linuxlinux_kernel*≥6.13  –  <6.18.19
linuxlinux_kernel*≥6.19  –  <6.19.9
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/01651e7751edbbc0fb4598f8367a3dabcfc8c182
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/737410b32bd615b321da4fbeda490351b9af5e8b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/816fa1dfae4532e851b1fe6b2434c753ecbd86c7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/87d0f901a9bd8ae6be57249c737f20ac0cace93d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a4123fe5d9122eef9852e4921f7cc463420f30d4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ba3bca40f9f25c053f69413e5f4a41dd0fd762bf
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/01651e7751edbbc0fb4598f8367a3dabcfc8c182
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/737410b32bd615b321da4fbeda490351b9af5e8b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/816fa1dfae4532e851b1fe6b2434c753ecbd86c7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/87d0f901a9bd8ae6be57249c737f20ac0cace93d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a4123fe5d9122eef9852e4921f7cc463420f30d4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ba3bca40f9f25c053f69413e5f4a41dd0fd762bf
    Patch