SB2026052865 - Improper control of a resource through its lifetime in Linux kernel x86 kvm




Published: May 28, 2026

Security Bulletin ID: SB2026052865
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Improper control of a resource through its lifetime (CVE-ID: CVE-2026-46014)

CWE-ID: CWE-664 - Improper control of a resource through its lifetime

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to disrupt virtual machine state handling.

The vulnerability exists due to improper state management in the KVM SVM handling of LBR MSRs during userspace MSR save and restore operations. A local user can trigger incorrect handling of LBR and debug control MSRs to disrupt virtual machine state handling.

Exploitation requires access to userspace interfaces that manage virtual CPU MSR state, and LBR-related behavior depends on LBR virtualization being enabled.


Remediation

Install the update from the vendor's website.