Bug 2467018 (CVE-2026-43096) - CVE-2026-43096 kernel: mshv: Fix infinite fault loop on permission-denied GPA intercepts
Summary: CVE-2026-43096 kernel: mshv: Fix infinite fault loop on permission-denied GPA...
Keywords:
Status: NEW
Alias: CVE-2026-43096
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-05-06 10:03 UTC by OSIDB Bzimport
Modified: 2026-05-06 13:36 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2026-05-06 10:03:24 UTC 
In the Linux kernel, the following vulnerability has been resolved:

mshv: Fix infinite fault loop on permission-denied GPA intercepts

Prevent infinite fault loops when guests access memory regions without
proper permissions. Currently, mshv_handle_gpa_intercept() attempts to
remap pages for all faults on movable memory regions, regardless of
whether the access type is permitted. When a guest writes to a read-only
region, the remap succeeds but the region remains read-only, causing
immediate re-fault and spinning the vCPU indefinitely.

Validate intercept access type against region permissions before
attempting remaps. Reject writes to non-writable regions and executes to
non-executable regions early, returning false to let the VMM handle the
intercept appropriately.

This also closes a potential DoS vector where malicious guests could
intentionally trigger these fault loops to consume host resources.
Comment 1 Alexander B 2026-05-06 13:33:56 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026050619-CVE-2026-43096-b0a3@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.