Description
In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: check for nEPT/nNPT in slow flush hypercalls

Checking is_guest_mode(vcpu) is incorrect, because translate_nested_gpa()
is only valid if an L2 guest is running *with nested EPT/NPT enabled*.
Instead use the same condition as translate_nested_gpa() itself.
Published: 2026-05-28
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel’s KVM module contains an incorrect check for nested EPT/NPT on slow flush hypercalls. The bug incorrectly uses is_guest_mode(vcpu) instead of the condition required by translate_nested_gpa(). This oversight can cause the hypervisor to execute paths that are intended only when nested paging is enabled, potentially leading to invalid memory translations, kernel crashes, or unexpected behavior within the hypervisor.

Affected Systems

Any Linux distribution that ships the standard Linux kernel with KVM support may be affected. No particular kernel version is noted, so any build containing the aforementioned KVM code before the recent commit should be considered vulnerable until the upstream change is applied.

Risk and Exploitability

There is no CVSS score listed and the EPSS score is unavailable, while the vulnerability is not yet present in CISA’s KEV catalog. The flaw only manifests in environments that use nested virtualization and invoke the specific slow flush hypercall sequence. Operators running nested guests may therefore face a higher risk of hypervisor instability, whereas systems with nested virtualization disabled are effectively insulated from this issue.

Generated by OpenCVE AI on May 28, 2026 at 12:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a Linux kernel update that incorporates the KVM fix for the nested EPT/NPT check.
  • If a kernel upgrade cannot be performed immediately, disable nested virtualization or EPT/NPT for affected guests to prevent the problematic hypercall path from being exercised.
  • Monitor hypervisor logs for abnormal KVM hypercall activity and apply the kernel patch once it becomes available.

Generated by OpenCVE AI on May 28, 2026 at 12:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 28 May 2026 13:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-285

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: KVM: x86: check for nEPT/nNPT in slow flush hypercalls Checking is_guest_mode(vcpu) is incorrect, because translate_nested_gpa() is only valid if an L2 guest is running *with nested EPT/NPT enabled*. Instead use the same condition as translate_nested_gpa() itself.
Title KVM: x86: check for nEPT/nNPT in slow flush hypercalls
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-28T09:35:46.220Z

Reserved: 2026-05-13T15:03:33.099Z

Link: CVE-2026-46131

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-28T10:16:28.663

Modified: 2026-05-28T13:44:01.663

Link: CVE-2026-46131

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T13:00:21Z

Weaknesses