CVE-2026-43133 · threatengine.sh

Home/CVE/In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emula

CVE

CVE-2026-43133

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emula

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation Commit cc3ed80ae69f ("KVM: nSVM: always use vmcb01 to for vmsave/vmload of guest state") made KVM always use vmcb01 for the fields controlled by VMSAVE/VMLOAD, but it missed updating the VMLOAD/VMSAVE emulation code to always use vmcb01. As a result, if VMSAVE/VMLOAD is executed by an L2 guest and is not intercepted by L1, KVM will mistakenly use vmcb02. Always use vmcb01 instead of the current VMCB.

HIGH · CVSS 7.9 EPSS 0.00013

Schedule remediation

CVSS base score ≥ 7.0

Sigma rules0 YARA rules0

▤

Affected Products & Versions

6

linux kernel>= 5.13 and < 5.15.202
linux kernel>= 5.16 and < 6.1.165
linux kernel>= 6.2 and < 6.6.128
linux kernel>= 6.7 and < 6.12.75
linux kernel>= 6.13 and < 6.18.16
linux kernel>= 6.19 and < 6.19.6

▣

Scoring & Timeline

7.9

HIGH · CVSS v3.1 · 416baaa9-dc9f-4396-8d5f-8c081fb06d67

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD06 May 2026 · 12:16 PM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

🔗

References & Sources

7

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://git.kernel.org/stable/c/0004ecb798b30e90d7ebfe74efae2d9423315a64Patch

https://git.kernel.org/stable/c/10063e1251c1485034a018236080792ad083dcc5Patch

https://git.kernel.org/stable/c/127ccae2c185f62e6ecb4bf24f9cb307e9b9c619Patch

https://git.kernel.org/stable/c/3880e331b0b31d0d5d3702b124f6c93539cd478aPatch

https://git.kernel.org/stable/c/c3b7015000988ba35ecd5648f4b2283960f00543Patch

https://git.kernel.org/stable/c/d464cf1ed900d47c85393d40b00017b6adfc2e6cPatch

Show all 7 references

https://git.kernel.org/stable/c/fce2fd4a2ca05670a91015aacccf96a1c26268fdPatch

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin