PT-2026-40690 · Linux · Linux Kernel

Published

2026-05-13

·

Updated

2026-06-30

·

CVE-2026-43483

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description An issue exists in the KVM SVM implementation where CR8 write interception remains enabled after AVIC (Advanced Virtual Interrupt Controller) is activated. This occurs because the interception is not explicitly cleared during AVIC activation. While this typically results in a performance degradation, it can be fatal for Windows guests when combined with a TPR (Task Priority Register) synchronization bug, causing the TPR seen by the hardware to become out of sync. The flaw is specific to SVM and does not affect VMX.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

CVE-2026-43483
OESA-2026-2493
OESA-2026-2494
OESA-2026-2495
SUSE-SU-2026:22108-1
SUSE-SU-2026:22137-1
SUSE-SU-2026:22433-1
SUSE-SU-2026:22458-1
SUSE-SU-2026:2482-1
SUSE-SU-2026:2591-1

Affected Products

Linux Kernel