SB2026052865 - Improper control of a resource through its lifetime in Linux kernel x86 kvm
Published: May 28, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper control of a resource through its lifetime (CVE-ID: CVE-2026-46014)
CWE-ID: CWE-664 - Improper control of a resource through its lifetime
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to disrupt virtual machine state handling.
The vulnerability exists due to improper state management in KVM SVM LBR MSR save and restore handling when processing userspace MSR save and restore operations. A local user can trigger incorrect handling of LBR and debug control MSRs to disrupt virtual machine state handling.
Exploitation requires access to userspace interfaces that manage virtual CPU MSR state, and LBR-related behavior depends on LBR virtualization being enabled.
Remediation
Install update from vendor's website.