Impact
The bug occurs in the Linux kernel KVM module when executing nested virtual machines using SVM (nSVM). When a nested VM triggers a VMEXIT, the host must restore its CR3 register. If that restore fails, the function nested_svm_vmexit() returns an error code that is ignored by most callers, allowing the corrupted CR3 state to persist. This flaw is a classic case of CWE‑248: unchecked return value. The corrupted state can lead to a triple fault, causing the host processor to shutdown, resulting in a denial of availability for the host system rather than a direct compromise of confidentiality or integrity.
Affected Systems
All Linux kernel systems running the KVM module with nested SVM enabled are affected. No specific kernel version range is provided in the data, so any kernel that includes the unpatched KVM:nSVM code is potentially vulnerable.
Risk and Exploitability
Based on the description, the likely attack vector is a nested guest that can induce a failing CR3 load during a VMEXIT. The consequence is a hard shutdown of the host, giving high availability impact. The EPSS score is < 1%, indicating a low probability of exploitation, and the flaw is not listed in the CISA KEV catalog, suggesting it has not yet been widely exploited. The CVSS score of 5.5 indicates a moderate severity level, underscoring the importance of timely remediation.
OpenCVE Enrichment
Ubuntu USN