Description
In the Linux kernel, the following vulnerability has been resolved:

mshv: Fix infinite fault loop on permission-denied GPA intercepts

Prevent infinite fault loops when guests access memory regions without
proper permissions. Currently, mshv_handle_gpa_intercept() attempts to
remap pages for all faults on movable memory regions, regardless of
whether the access type is permitted. When a guest writes to a read-only
region, the remap succeeds but the region remains read-only, causing
immediate re-fault and spinning the vCPU indefinitely.

Validate intercept access type against region permissions before
attempting remaps. Reject writes to non-writable regions and executes to
non-executable regions early, returning false to let the VMM handle the
intercept appropriately.

This also closes a potential DoS vector where malicious guests could
intentionally trigger these fault loops to consume host resources.
Published: 2026-05-06
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability stems from the mshv_handle_gpa_intercept routine remapping all faults on movable memory regions without first checking whether the requested access is permitted. When a guest attempts to write to a read‑only area or execute a non‑executable region, the remap succeeds but the page remains protected, causing the guest to fault again immediately. This cycle repeats indefinitely, spinning the virtual CPU and consuming host resources. The flaw results in a denial of service where a malicious guest can deliberately trigger the loop to drain CPU time and disrupt other workloads.
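
The loop and the effect of the early permission check can be reproduced in a small user-space model. This is an added example, not code from the kernel or from the patch; the struct, flag names, the `validate` switch and the retry cap (standing in for "indefinitely") are all assumptions made for illustration.

```c
/* Simplified user-space model of the fault loop; not kernel code.
 * All names, flags and the retry cap are assumptions for illustration. */
#include <stdbool.h>
#include <stdio.h>

enum access { ACC_READ, ACC_WRITE, ACC_EXEC };
#define REGION_WRITABLE   0x1u
#define REGION_EXECUTABLE 0x2u
#define RETRY_CAP 1000   /* stands in for "spins indefinitely" */

struct region { unsigned flags; bool movable; bool mapped; };

/* Does the region's own permission set allow this access type? */
static bool permitted(const struct region *r, enum access a)
{
    if (a == ACC_WRITE) return (r->flags & REGION_WRITABLE) != 0;
    if (a == ACC_EXEC)  return (r->flags & REGION_EXECUTABLE) != 0;
    return true;
}

/* true: handled, vCPU retries the access; false: left to the VMM. */
static bool handle_intercept(struct region *r, enum access a, bool validate)
{
    if (!r->movable) return false;
    if (validate && !permitted(r, a)) return false;  /* the fix: reject early */
    r->mapped = true;  /* remap succeeds, permissions stay as they were */
    return true;
}

/* Count intercepts until the access completes, the VMM takes over, or the cap. */
int intercepts_for(unsigned flags, enum access a, bool validate)
{
    struct region r = { flags, true, false };
    int n = 0;
    while (!(r.mapped && permitted(&r, a)) && n < RETRY_CAP) {
        n++;
        if (!handle_intercept(&r, a, validate)) break;
    }
    return n;
}

int main(void)
{
    printf("write to read-only, no check: %d intercepts\n", intercepts_for(0, ACC_WRITE, false));
    printf("write to read-only, checked:  %d intercepts\n", intercepts_for(0, ACC_WRITE, true));
    printf("read of unmapped page:        %d intercepts\n", intercepts_for(0, ACC_READ, true));
    return 0;
}
```

Without the check, a denied write or execute only stops at the cap; with it, the first intercept is handed to the VMM, while a permitted access to an unmapped page still resolves after one remap.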

Affected Systems

The issue exists in the Linux kernel’s Hyper‑V (mshv) virtual machine monitor component. No specific kernel versions are listed in the CVE data, so all versions of the Linux kernel that contain the affected mshv module are potentially affected until the fix is applied.

Risk and Exploitability

The CVSS score is not provided and EPSS is unavailable, but the vulnerability is already closed in source control. It is not listed in CISA’s KEV catalog, suggesting no publicly known exploits have been observed. The likely attack vector is a malicious guest operating within the virtualized environment, exploiting the improperly validated intercepts to trigger the infinite fault loop. The impact is limited to the host system’s CPU resources, leading to denial of service for other tenants or processes.

Generated by OpenCVE AI on May 6, 2026 at 12:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to the latest stable release that includes the mshv_handle_gpa_intercept patch (commits 02226839 and 16cbec24).
  • Re‑configure guest virtual machines to ensure memory regions are assigned correct permissions, avoiding unnecessary writable or executable flags on read‑only buffers.
  • If the host does not require Hyper‑V functionality, consider disabling the mshv module to eliminate the attack surface.

Advisories

No advisories yet.

History

Wed, 06 May 2026 09:30:00 +0000

Changes (columns: Type, Values Removed, Values Added):

  • Description: same text as the Description section above
  • Title: mshv: Fix infinite fault loop on permission-denied GPA intercepts
  • First Time appeared: Linux; Linux linux Kernel
  • CPEs: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • Vendors & Products: Linux; Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-06T07:40:27.453Z

Reserved: 2026-05-01T14:12:55.984Z

Link: CVE-2026-43096

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-06T10:16:23.027

Modified: 2026-05-06T10:16:23.027

Link: CVE-2026-43096

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T12:30:03Z

Weaknesses

No weakness.