CVE-2026-46147

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description Two issues exist in the vCPU initialization path of the KVM arm64 component. First, a failure occurring after hyp pin shared mem() succeeds can lead to a pin leak, where pin references on the host vCPU and SVE state pages are permanently leaked because the cleanup path fails to call unpin host vcpu() or unpin host sve state(). Second, the register hyp vcpu() function publishes the new vCPU pointer into hyp vm->vcpus[] using a bare store. This allows a concurrent caller of pkvm load hyp vcpu() to potentially observe a partially initialized vCPU object due to improper memory ordering.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.