CVE-2026-46082 - Vulnerability Details

- KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0

Description

In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0

INVLPGA should cause a #UD when EFER.SVME is not set. Add a check to
properly inject #UD when EFER.SVME=0.

[sean: tag for stable@]

Published: 2026-05-27

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`ff092385e8285c03d8b148f42f46f98c5f4becd5`	affected	< ebb63390142c6458fc37758e0892759989cc159f
`ff092385e8285c03d8b148f42f46f98c5f4becd5`	affected	< 491139c17f8ad5773303068411f6ac5eed438b51
`ff092385e8285c03d8b148f42f46f98c5f4becd5`	affected	< 3ac9d4241d205f5d0df06358349ca718ebb0fa12
`ff092385e8285c03d8b148f42f46f98c5f4becd5`	affected	< 643125b66ffc1147c66616b749475ba9efb15971
`ff092385e8285c03d8b148f42f46f98c5f4becd5`	affected	< c15392ed9e49c1a16b4d3a3ccf1b3bf2318a6c28
`ff092385e8285c03d8b148f42f46f98c5f4becd5`	affected	< ee24928ecd85db4b68ed111e91fef36af0ca37b0
`ff092385e8285c03d8b148f42f46f98c5f4becd5`	affected	< d99df02ff427f461102230f9c5b90a6c64ee8e23

Linux

affected

Version	Status	Constraints
`2.6.32`	affected	—
`0`	unaffected	< 2.6.32
`5.15.209`	unaffected	≤ 5.15.*
`6.1.175`	unaffected	≤ 6.1.*
`6.6.140`	unaffected	≤ 6.6.*
`6.12.86`	unaffected	≤ 6.12.*
`6.18.27`	unaffected	≤ 6.18.*
`7.0.4`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[ff092385e8285c03d8b148f42f46f98c5f4becd5,3ac9d4241d205f5d0df06358349ca718ebb0fa12)`	affected	code_commit	—
`[ff092385e8285c03d8b148f42f46f98c5f4becd5,643125b66ffc1147c66616b749475ba9efb15971)`	affected	code_commit	—
`[ff092385e8285c03d8b148f42f46f98c5f4becd5,c15392ed9e49c1a16b4d3a3ccf1b3bf2318a6c28)`	affected	code_commit	—
`[ff092385e8285c03d8b148f42f46f98c5f4becd5,ee24928ecd85db4b68ed111e91fef36af0ca37b0)`	affected	code_commit	—
`[ff092385e8285c03d8b148f42f46f98c5f4becd5,d99df02ff427f461102230f9c5b90a6c64ee8e23)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`2.6.32`	affected	semver	—
`[0,2.6.32)`	unaffected	semver	—
`[6.6.140,7.0.0)`	unaffected	semver	—
`[6.12.86,6.13.0)`	unaffected	semver	—
`[6.18.27,6.19.0)`	unaffected	semver	—
`[7.0.4,7.1.0)`	unaffected	semver	—
`[7.1-rc1,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00123.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/3ac9d4241d205f5d0df06358349ca718ebb0fa12
https://git.kernel.org/stable/c/491139c17f8ad5773303068411f6ac5eed438b51
https://git.kernel.org/stable/c/643125b66ffc1147c66616b749475ba9efb15971
https://git.kernel.org/stable/c/c15392ed9e49c1a16b4d3a3ccf1b3bf2318a6c28
https://git.kernel.org/stable/c/d99df02ff427f461102230f9c5b90a6c64ee8e23
https://git.kernel.org/stable/c/ebb63390142c6458fc37758e0892759989cc159f
https://git.kernel.org/stable/c/ee24928ecd85db4b68ed111e91fef36af0ca37b0
https://lore.kernel.org/linux-cve-announce/2026052700-CVE-2026-46082-48fc@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-46082
https://www.cve.org/CVERecord?id=CVE-2026-46082

History

Mon, 01 Jun 2026 17:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/491139c17f8ad5773303068411f6ac5eed438b51 https://git.kernel.org/stable/c/ebb63390142c6458fc37758e0892759989cc159f

Thu, 28 May 2026 03:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-269

Thu, 28 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-390
References		https://lore.kernel.org/linux-cve-announce/2026052700-CVE-2026-46082-48fc@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-46082 https://www.cve.org/CVERecord?id=CVE-2026-46082
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 27 May 2026 20:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-269

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0 INVLPGA should cause a #UD when EFER.SVME is not set. Add a check to properly inject #UD when EFER.SVME=0. [sean: tag for stable@]
Title		KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/3ac9d4241d205f5d0df06358349ca718ebb0fa12 https://git.kernel.org/stable/c/643125b66ffc1147c66616b749475ba9efb15971 https://git.kernel.org/stable/c/c15392ed9e49c1a16b4d3a3ccf1b3bf2318a6c28 https://git.kernel.org/stable/c/d99df02ff427f461102230f9c5b90a6c64ee8e23 https://git.kernel.org/stable/c/ee24928ecd85db4b68ed111e91fef36af0ca37b0

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:58:21.629Z

Updated: 2026-06-14T17:53:00.593Z

Reserved: 2026-05-13T15:03:33.096Z

Link: CVE-2026-46082

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:29.617

Modified: 2026-06-17T10:53:02.327

Link: CVE-2026-46082

Redhat

Severity : Moderate

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-46082 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-28T04:30:06Z

Weaknesses

CWE-390

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object