Improper control of a resource through its lifetime in Linux kernel - CVE-2026-46014

 


Published: May 28, 2026


Vulnerability identifier: #VU132478
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-46014
CWE-ID: CWE-664
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to disrupt virtual machine state handling.

The vulnerability exists due to improper state management in the KVM SVM handling of LBR MSRs during userspace MSR save and restore operations. A local user can trigger incorrect handling of LBR and debug control MSRs to disrupt virtual machine state handling.

Exploitation requires access to userspace interfaces that manage virtual CPU MSR state, and LBR-related behavior depends on LBR virtualization being enabled.
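
The two preconditions above can be checked on a host with the following added example, which is not part of the advisory. It assumes that the userspace interface is the `/dev/kvm` device and that LBR virtualization is reported by the `kvm_amd` module parameter `lbrv`, neither of which the advisory names; it reports exposure only and says nothing about whether the fix is installed.

```shell
#!/bin/sh
# Added example: report the two preconditions from the advisory text.
# Assumptions (not stated in the advisory): /dev/kvm is the userspace
# interface, and kvm_amd's "lbrv" parameter reflects LBR virtualization.
# An optional root prefix lets the functions run against a copied tree.

# Print enabled, disabled, or not-loaded (kvm_amd module absent).
lbrv_state() {
    param="${1:-}/sys/module/kvm_amd/parameters/lbrv"
    if [ ! -r "$param" ]; then
        echo "not-loaded"
        return 0
    fi
    # The parameter reads as 1 or Y depending on kernel version.
    case "$(cat "$param")" in
        1|Y|y) echo "enabled" ;;
        *)     echo "disabled" ;;
    esac
}

# Print absent, world (any local user can open it read-write), or restricted.
kvm_access() {
    dev="${1:-}/dev/kvm"
    if [ ! -e "$dev" ]; then
        echo "absent"
        return 0
    fi
    mode=$(stat -c '%a' "$dev")
    other=${mode#"${mode%?}"}        # last octal digit = "other" permissions
    case "$other" in
        6|7) echo "world" ;;
        *)   echo "restricted" ;;
    esac
}

# Combine both checks into one line suitable for fleet inventory output.
exposure() {
    l=$(lbrv_state "${1:-}")
    k=$(kvm_access "${1:-}")
    if [ "$l" = "not-loaded" ]; then
        echo "svm-not-in-use"
    elif [ "$k" = "absent" ]; then
        echo "no-kvm-device"
    else
        echo "lbrv-$l,kvm-$k"
    fi
}

exposure "${1:-}"
```

A result of `kvm-restricted` means access depends on the device's owner and group membership, so review who belongs to that group.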


How to mitigate CVE-2026-46014

Install the security update from the vendor's repository.
