PT-2026-44236 · Linux · Linux Kernel
Published: 2026-05-28 · Updated: 2026-06-15 · CVE-2026-46113
CVSS v3.1: 8.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A use-after-free issue exists in the KVM x86 shadow paging mechanism. The shadow MMU calculates Guest Frame Numbers (GFNs) for direct shadow pages by adding the SPTE index to sp->gfn. This logic fails if guest page tables are modified between VM entries. Specifically, if a Page Directory Entry (PDE) mapping is changed and a new leaf Shadow Page Table Entry (SPTE) is installed with a GFN outside the expected range, the corresponding reverse mapping (rmap) entry cannot be located and removed when the kvm_mmu_page is zapped. Consequently, operations triggering an rmap walk, such as dirty logging or MMU notifier invalidations (e.g., from MADV_DONTNEED), may dereference a freed kvm_mmu_page.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
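The bookkeeping failure in the Description, as an added toy model in C; it is not kernel code and not taken from this advisory. All names (shadow_page, install_spte, zap_page, stale_after_zap) and the slot and GFN values are hypothetical, and a freed flag stands in for releasing the kvm_mmu_page so the stale reference can be counted safely.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Toy model of the rmap bookkeeping; every name and size here is hypothetical. */
#define NGFN  64                     /* size of the modelled guest frame space */
#define NSPTE 8                      /* SPTE slots per modelled shadow page */
typedef uint64_t gfn_t;
struct shadow_page {
    gfn_t gfn;                       /* base GFN of a direct shadow page (sp->gfn) */
    bool present[NSPTE];             /* installed leaf SPTEs */
    bool freed;                      /* stands in for freeing the kvm_mmu_page */
};
static struct shadow_page *rmap[NGFN];   /* rmap[gfn] -> page owning the SPTE */

/* The rmap entry is filed under the GFN the new leaf SPTE really maps. */
static void install_spte(struct shadow_page *sp, int idx, gfn_t target)
{
    sp->present[idx] = true;
    rmap[target] = sp;
}

/* Zap looks each entry up under sp->gfn + idx, as described for direct pages. */
static void zap_page(struct shadow_page *sp)
{
    for (int idx = 0; idx < NSPTE; idx++) {
        gfn_t derived = sp->gfn + idx;
        if (sp->present[idx] && rmap[derived] == sp)
            rmap[derived] = NULL;    /* found only when derived == real GFN */
        sp->present[idx] = false;
    }
    sp->freed = true;
}

/* Install one SPTE in slot 3, zap the page, count rmap entries still pointing at it. */
int stale_after_zap(gfn_t base, gfn_t target)
{
    static struct shadow_page sp;
    int stale = 0;
    if (base > NGFN - NSPTE || target >= NGFN) return -1;   /* outside the model */
    sp = (struct shadow_page){ .gfn = base };
    for (gfn_t g = 0; g < NGFN; g++) rmap[g] = NULL;
    install_spte(&sp, 3, target);
    zap_page(&sp);
    for (gfn_t g = 0; g < NGFN; g++) stale += (rmap[g] && rmap[g]->freed);
    return stale;
}

int main(void) { return printf("stale: %d (GFN as derived), %d (GFN elsewhere)\n",
                               stale_after_zap(16, 19), stale_after_zap(16, 40)) < 0; }
```

A non-zero count is the state in which a later rmap walk would follow a pointer to a page that has already been released.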
Affected Products
Linux Kernel