PT-2026-40690 · Linux · Linux Kernel
Published
2026-05-13
·
Updated
2026-06-30
·
CVE-2026-43483
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
An issue exists in the KVM SVM implementation where CR8 write interception remains enabled after AVIC (Advanced Virtual Interrupt Controller) is activated. This occurs because the interception is not explicitly cleared during AVIC activation. While this typically results in a performance degradation, it can be fatal for Windows guests when combined with a TPR (Task Priority Register) synchronization bug, causing the TPR seen by the hardware to become out of sync. The flaw is specific to SVM and does not affect VMX.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Linux Kernel