Description
In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Ignore -EBUSY when checking nested events from vcpu_block()

Ignore -EBUSY when checking nested events after exiting a blocking state
while L2 is active, as exiting to userspace will generate a spurious
userspace exit, usually with KVM_EXIT_UNKNOWN, and likely lead to the VM's
demise. Continuing with the wakeup isn't perfect either, as *something*
has gone sideways if a vCPU is awakened in L2 with an injected event (or
worse, a nested run pending), but continuing on gives the VM a decent
chance of surviving without any major side effects.

As explained in the Fixes commits, it _should_ be impossible for a vCPU to
be put into a blocking state with an already-injected event (exception,
IRQ, or NMI). Unfortunately, userspace can stuff MP_STATE and/or injected
events, and thus put the vCPU into what should be an impossible state.

Don't bother trying to preserve the WARN, e.g. with an anti-syzkaller
Kconfig, as WARNs can (hopefully) be added in paths where _KVM_ would be
violating x86 architecture, e.g. by WARNing if KVM attempts to inject an
exception or interrupt while the vCPU isn't running.
Published: 2026-05-06
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel's KVM subsystem for x86, when a virtual CPU leaves a blocking state while L2 is active, the nested-event check made from vcpu_block() can return -EBUSY, and before the fix the kernel did not ignore that return code. Acting on it generates a spurious userspace exit, usually with KVM_EXIT_UNKNOWN, that is likely to terminate the virtual machine. The fix ignores -EBUSY and continues with the wakeup. That is not perfect either, since a vCPU awakened in L2 with an injected event or a pending nested run means something has already gone wrong, but it gives the VM a decent chance of surviving without major side effects.

Affected Systems

The vulnerability affects the Linux kernel on all x86 architectures that have not incorporated the fix present in the later commits referenced in the CVE. The CVE data does not list explicit kernel version numbers, so the affected versions are unknown; any build prior to the merge of the patches is potentially vulnerable. Distribution kernels shipping the vulnerable upstream code are included.

Risk and Exploitability

Exploitation requires a privileged userspace component that can inject hardware or software events or alter the MP_STATE field while a vCPU is blocked. Based on the description, this is inferred to be the likely attack vector, as the kernel allows such changes from userspace. The CVSS score of 5.5 denotes moderate severity; the EPSS score is less than 1%, indicating a very low exploitation probability, and the vulnerability is not listed in CISA KEV. Nonetheless, a successful attack would result in denial of service for the affected virtual machine, disrupting availability.

Generated by OpenCVE AI on May 8, 2026 at 21:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the host kernel to a release that includes the KVM patch that ignores -EBUSY when checking nested events from vcpu_block().
  • If a kernel update is not immediately possible, rebuild the current kernel with the upstream patch applied manually.
  • After upgrading or patching, restart all virtual machines to clear any stale state left by the vulnerable kernel version.
  • As a temporary safeguard, restrict privileged userspace tools from injecting events or modifying MP_STATE while virtual machines are running, as suggested by the upstream authors.

Advisories

No advisories yet.

History

Fri, 08 May 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo

Thu, 07 May 2026 16:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-398

Thu, 07 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1288
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Wed, 06 May 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-398

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ignore -EBUSY when checking nested events from vcpu_block() Ignore -EBUSY when checking nested events after exiting a blocking state while L2 is active, as exiting to userspace will generate a spurious userspace exit, usually with KVM_EXIT_UNKNOWN, and likely lead to the VM's demise. Continuing with the wakeup isn't perfect either, as *something* has gone sideways if a vCPU is awakened in L2 with an injected event (or worse, a nested run pending), but continuing on gives the VM a decent chance of surviving without any major side effects. As explained in the Fixes commits, it _should_ be impossible for a vCPU to be put into a blocking state with an already-injected event (exception, IRQ, or NMI). Unfortunately, userspace can stuff MP_STATE and/or injected events, and thus put the vCPU into what should be an impossible state. Don't bother trying to preserve the WARN, e.g. with an anti-syzkaller Kconfig, as WARNs can (hopefully) be added in paths where _KVM_ would be violating x86 architecture, e.g. by WARNing if KVM attempts to inject an exception or interrupt while the vCPU isn't running.
Title KVM: x86: Ignore -EBUSY when checking nested events from vcpu_block()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:21:13.005Z

Reserved: 2026-05-01T14:12:55.997Z

Link: CVE-2026-43265

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-06T12:16:47.510

Modified: 2026-05-08T20:33:43.293

Link: CVE-2026-43265

Redhat

Severity: Low

Public Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43265 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-08T21:30:05Z