Improper control of a resource through its lifetime in Linux kernel - CVE-2026-46059

 


Published: May 28, 2026


Vulnerability identifier: #VU132434
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-46059
CWE-ID: CWE-664
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software: Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper state management in KVM nSVM nested virtualization handling when processing save and restore of an L2 guest after the first nested VMRUN. A local user can trigger a nested guest state transition to cause a denial of service.

The issue occurs for guests with NRIPS disabled.


How to mitigate CVE-2026-46059

Install the security update from the vendor's repository.
