SB2026052820 - Improper control of a resource through its lifetime in Linux kernel kvm svm
Published: May 28, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper control of a resource through its lifetime (CVE-ID: CVE-2026-46059)
CWE-ID: CWE-664 - Improper control of a resource through its lifetime
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper state management in KVM nSVM nested virtualization handling when processing save and restore of an L2 guest after the first nested VMRUN. A local user can trigger a nested guest state transition to cause a denial of service.
The issue occurs for guests with NRIPS disabled.
Remediation
Install update from vendor's website.