Linux Kernel Vulnerability Affecting KVM's AVIC Functionality
CVE-2026-43483
What is CVE-2026-43483?
A vulnerability in the Linux kernel affects the Kernel-based Virtual Machine (KVM), specifically its Advanced Virtual Interrupt Controller (AVIC) support. KVM fails to properly manage CR8 write interception when AVIC activation is toggled, which can lead to discrepancies during virtual machine operation. If KVM emulates the INIT=>WFS sequence while AVIC is deactivated, CR8 write interception remains enabled, and this persistent state may severely degrade performance. The bug can compound with a previously identified TPR synchronization issue, leaving Windows guests running with an out-of-sync TPR, which poses a significant risk to system integrity and function. VMX setups are unaffected because of their specific handling of TPR_THRESHOLD when Virtual Interrupt Delivery is active.
Affected Version(s)
Linux 3bbf3565f48ce3999b5a12cde946f81bd4475312
Linux 3bbf3565f48ce3999b5a12cde946f81bd4475312 < 816fa1dfae4532e851b1fe6b2434c753ecbd86c7
Linux 3bbf3565f48ce3999b5a12cde946f81bd4475312 < 01651e7751edbbc0fb4598f8367a3dabcfc8c182