CVE-2026-46082
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk7th percentile - higher than 7% of all known CVEs
Summary
A vulnerability in the Linux kernel has been resolved that affects KVM and SVM. The issue was that the INVLPGA instruction did not trigger a #UD error when EFER.SVME was set to 0.
Risk Assessment
The lack of proper error reporting may lead to unexpected behavior in the virtualization system, posing risks to the stability and security of the virtual environment.
Recommendation
It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and ensure proper functioning of virtualization mechanisms.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0 INVLPGA should cause a #UD when EFER.SVME is not set. Add a check to properly inject #UD when EFER.SVME=0. [sean: tag for stable@]

