{
  "threat_severity" : "Low",
  "public_date" : "2026-05-27T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12",
    "id" : "2482050",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2482050"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-440",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nKVM: nSVM: Avoid clearing VMCB_LBR in vmcb12\nsvm_copy_lbrs() always marks VMCB_LBR dirty in the destination VMCB.\nHowever, nested_svm_vmexit() uses it to copy LBRs to vmcb12, and\nclearing clean bits in vmcb12 is not architecturally defined.\nMove vmcb_mark_dirty() to callers and drop it for vmcb12.\nThis also facilitates incoming refactoring that does not pass the entire\nVMCB to svm_copy_lbrs().", "A flaw was found in the Linux kernel's Kernel-based Virtual Machine (KVM) subsystem, specifically affecting its nested virtualization (nSVM) capabilities. The issue arises from incorrect handling of Virtual Machine Control Block Last Branch Record (VMCB_LBR) data when copied to vmcb12, an operation that is not architecturally defined. This can lead to unexpected behavior or instability within nested virtualized environments, potentially impacting the reliability of guest virtual machines." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-46071\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-46071\nhttps://lore.kernel.org/linux-cve-announce/2026052758-CVE-2026-46071-d16a@gregkh/T" ],
  "name" : "CVE-2026-46071",
  "csaw" : false
}