KVM Vulnerability in Linux Kernel Affecting Virtual Machine Operations
CVE-2026-43265

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 6 May 2026

What is CVE-2026-43265?

The vulnerability in the Linux kernel's KVM component arises from improper handling of blocked virtual CPUs (vCPUs) when nested events are present. When a vCPU transitions from a blocking state to userspace, a spurious exit can occur, often manifesting as KVM_EXIT_UNKNOWN, potentially jeopardizing the stability of the virtual machine (VM). A vCPU is not intended to enter a blocking state with events already injected, but userspace manipulation can create scenarios in which this rule is violated, leading to undefined behavior. The fix aims to mitigate the risk of such situations, allowing the VM to function more reliably despite the underlying complexities.

Affected Version(s)

Linux 26844fee6adee9b1557d2279b0506285de9ee82b < 78265cd066d73a5cb41c088fcae4a2515e480d97

Linux 26844fee6adee9b1557d2279b0506285de9ee82b

Linux 26844fee6adee9b1557d2279b0506285de9ee82b < 2657439265d34a911886b916ba8be97ecc117d51

Timeline

  • Vulnerability published

  • Vulnerability Reserved
