Improper Check or Handling of Exceptional Conditions in Linux kernel - CVE-2026-43315
Published: May 9, 2026
Vulnerability identifier: #VU130872
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-43315
CWE-ID: CWE-703
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper handling of a user-triggerable warning in nested_svm_load_cr3() and svm_set_nested_state() in KVM nSVM when restoring nested vCPU state after modifying CPUID and CR3 values from userspace. A local user can supply an illegal combination of nested state, CPUID, and CR3 values to trigger a kernel warning and cause a denial of service.
The issue is reachable through the KVM userspace ABI during nested virtualization state restoration.
How to mitigate CVE-2026-43315
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/155ec243ef726f4bc49536fa0bfb565dc011ab17
- https://git.kernel.org/stable/c/580ea57840864d40e019bc13fd26afdc8d510a2f
- https://git.kernel.org/stable/c/969e5e13ff5c18603f21d1f9f64ec9194e141ac0
- https://git.kernel.org/stable/c/ce904c8a5bbe697eae0f7e34b07095bd7a6dee19
- https://git.kernel.org/stable/c/deb8f6dfd31d94b18dbeeaa8c01fbec5fc70fd2b
- https://git.kernel.org/stable/c/ebb2ab4f1c87d6b52776292cf7dc16aea48e95f8
- https://git.kernel.org/stable/c/fc3ba56385d03501eb582e4b86691ba378e556f9