Description
In the Linux kernel, the following vulnerability has been resolved:

mshv: Fix error handling in mshv_region_pin

The current error handling has two issues:

First, pin_user_pages_fast() can return a short pin count (less than
requested but greater than zero) when it cannot pin all requested pages.
This is treated as success, leading to partially pinned regions being
used, which causes memory corruption.

Second, when an error occurs mid-loop, already pinned pages from the
current batch are not properly accounted for before calling
mshv_region_invalidate_pages(), causing a page reference leak.

Treat short pins as errors and fix partial batch accounting before
cleanup.
Published: 2026-05-01
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel bug allows a caller to request that a region of memory be pinned so that it can be accessed by the hypervisor. The implementation incorrectly treats a short pin count as success, causing only part of the region to be protected and later used, which corrupts kernel memory, resulting in a classic out‑of‑bounds memory overwrite. Additionally, in the event of a mid‑loop failure the code does not correctly account for pages already pinned before flushing, leaking page references that can consume resources. The error handling deficiency also amounts to improper error handling (CWE‑390, NVD‑CWE‑Other). Together, these defects can lead to memory corruption, potentially allowing an attacker who can trigger the pin operation to execute arbitrary code with kernel privileges or to crash the system.
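The two defects named in the description can be reproduced in a small userspace model. This is an added example, not code from the kernel or from this page: `model_pin`, `model_unpin`, `region_pin`, the three modes and the page numbers are hypothetical, and the loop in `ACCEPT_SHORT` mode is assumed to advance by the requested batch size.

```c
#include <stddef.h>
#include <string.h>

/* Constructed userspace model; not kernel code. Page HOLE cannot be pinned. */
enum { REGION_PAGES = 10, BATCH = 4, HOLE = 6 };
enum mode { ACCEPT_SHORT, REJECT_NO_ACCOUNTING, FIXED };
static int refs[REGION_PAGES]; /* pin count per page */

/* Stand-in for pin_user_pages_fast(): pins pages from start until nr are
 * pinned or the hole is reached; returns the count pinned, or -1 if none. */
static long model_pin(size_t start, size_t nr)
{
    size_t n = 0;
    while (n < nr && start + n != HOLE)
        refs[start + n++]++;
    return n ? (long)n : -1;
}

/* Cleanup path: drop the pins on pages [0, count). */
static void model_unpin(size_t count) { memset(refs, 0, count * sizeof refs[0]); }

/* Pins the region in batches; returns 0 on success, -1 on error. */
static int region_pin(enum mode m)
{
    size_t done = 0;
    while (done < REGION_PAGES) {
        size_t nr = REGION_PAGES - done < BATCH ? REGION_PAGES - done : BATCH;
        long ret = model_pin(done, nr);
        if (ret < 0 || (m != ACCEPT_SHORT && (size_t)ret != nr)) {
            if (m == FIXED && ret > 0)
                done += (size_t)ret; /* count the partial batch before cleanup */
            model_unpin(done);
            return -1;
        }
        done += nr; /* ACCEPT_SHORT: advances as if the whole batch were pinned */
    }
    return 0;
}

/* Runs one mode from a clean state; stores the result, returns pages still pinned. */
static int run(enum mode m, int *ret)
{
    int pinned = 0;
    memset(refs, 0, sizeof refs);
    *ret = region_pin(m);
    for (size_t i = 0; i < REGION_PAGES; i++)
        pinned += refs[i] > 0;
    return pinned;
}
```

In this model `ACCEPT_SHORT` reports success with only 8 of 10 pages pinned, `REJECT_NO_ACCOUNTING` fails but leaves 2 pages pinned after cleanup, and `FIXED` fails with nothing left pinned.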

Affected Systems

All Linux kernels that include the mshv hypervisor support are affected. The CNA listing shows the product as Linux:Linux and the CPE indicates the entire Linux kernel family; no specific version range is provided, so the issue applies to any kernel build containing the old pinning logic until the patch is applied.

Risk and Exploitability

The vulnerability carries a risk of kernel memory corruption, which can enable privilege escalation to root or destabilise the host. The CVSS score is 5.5 and the EPSS score is < 1%, so the exact likelihood of exploitation is unclear; the presence of an EPSS entry does not guarantee that the vulnerability is unexploited. The issue is not listed in CISA’s KEV catalog. The likely attack vector requires privileged access to the kernel or control over a guest that exercises hypervisor memory pinning; an attacker could trigger the fault by invoking a poorly handled pin request, leading to corruption or resource exhaustion.

Generated by OpenCVE AI on May 8, 2026 at 18:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch that corrects error handling in mshv_region_pin (see the provided kernel git references).
  • Upgrade to a Linux kernel that includes this fix if a patch is not available for your current kernel version.
  • If the hypervisor memory pinning feature is not required, disable or restrict its use via kernel configuration or hypervisor settings, as a temporary mitigation.

Advisories

No advisories yet.

History

Fri, 08 May 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-Other
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Sat, 02 May 2026 12:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-775

Sat, 02 May 2026 00:15:00 +0000


Fri, 01 May 2026 23:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-775

Fri, 01 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: mshv: Fix error handling in mshv_region_pin The current error handling has two issues: First, pin_user_pages_fast() can return a short pin count (less than requested but greater than zero) when it cannot pin all requested pages. This is treated as success, leading to partially pinned regions being used, which causes memory corruption. Second, when an error occurs mid-loop, already pinned pages from the current batch are not properly accounted for before calling mshv_region_invalidate_pages(), causing a page reference leak. Treat short pins as errors and fix partial batch accounting before cleanup.
Title mshv: Fix error handling in mshv_region_pin
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:16:39.059Z

Reserved: 2026-05-01T14:12:55.979Z

Link: CVE-2026-43045

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-01T15:16:50.817

Modified: 2026-05-08T14:04:13.097

Link: CVE-2026-43045

Redhat

Severity :

Public Date: 2026-05-01T00:00:00Z

Links: CVE-2026-43045 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-08T19:00:12Z

Weaknesses