Medium severity 5.5 · NVD Advisory · Published May 6, 2026 · Updated May 19, 2026

CVE-2026-43096


Description

In the Linux kernel, the following vulnerability has been resolved:

mshv: Fix infinite fault loop on permission-denied GPA intercepts

Prevent infinite fault loops when guests access memory regions without proper permissions. Currently, mshv_handle_gpa_intercept() attempts to remap pages for all faults on movable memory regions, regardless of whether the access type is permitted. When a guest writes to a read-only region, the remap succeeds but the region remains read-only, causing immediate re-fault and spinning the vCPU indefinitely.

Validate intercept access type against region permissions before attempting remaps. Reject writes to non-writable regions and executes to non-executable regions early, returning false to let the VMM handle the intercept appropriately.

This also closes a potential DoS vector where malicious guests could intentionally trigger these fault loops to consume host resources.
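The loop and the fix described above can be modelled in user space. This is an added example, not code from the kernel or from this advisory: the types, field names, `run_access()`, `handle_intercept()` and the `SIM_LIMIT` bound are hypothetical, and only the permission logic follows the description.

```c
/* User-space model of the fault loop; constructed for illustration, not kernel code. */
#include <stdbool.h>
#include <stdio.h>

#define SIM_LIMIT 1000 /* the real loop has no bound; the model stops here */

enum access { ACC_READ, ACC_WRITE, ACC_EXEC };
struct region { bool writable, executable, mapped; }; /* hypothetical layout */
struct outcome { int intercepts; bool to_vmm, completed; };

/* Constructed sample: a read-only, non-executable, not-yet-mapped region. */
static const struct region ro_region = { false, false, false };

/* Would the guest access fault? A remap never changes the permissions. */
static bool access_faults(const struct region *r, enum access a)
{
    if (!r->mapped) return true;
    if (a == ACC_WRITE) return !r->writable;
    if (a == ACC_EXEC) return !r->executable;
    return false;
}

/* true = handled by remapping; false = left to the VMM. */
static bool handle_intercept(struct region *r, enum access a, bool check_perms)
{
    if (check_perms && ((a == ACC_WRITE && !r->writable) ||
                        (a == ACC_EXEC && !r->executable)))
        return false;      /* fixed behaviour: reject before remapping */
    r->mapped = true;      /* remap succeeds, region stays read-only */
    return true;
}

/* Replay one access until it completes, goes to the VMM, or hits SIM_LIMIT. */
static struct outcome run_access(struct region r, enum access a, bool check_perms)
{
    struct outcome o = { 0, false, false };
    while (access_faults(&r, a) && o.intercepts < SIM_LIMIT) {
        o.intercepts++;
        if (!handle_intercept(&r, a, check_perms)) { o.to_vmm = true; return o; }
    }
    o.completed = !access_faults(&r, a);
    return o;
}

int main(void)
{
    struct outcome before = run_access(ro_region, ACC_WRITE, false);
    struct outcome after = run_access(ro_region, ACC_WRITE, true);
    printf("unchecked: %d intercepts, to_vmm=%d\n", before.intercepts, before.to_vmm);
    printf("checked:   %d intercepts, to_vmm=%d\n", after.intercepts, after.to_vmm);
    return 0;
}
```

Without the check the write never completes and the model only stops because of `SIM_LIMIT`; with the check the first intercept is returned to the VMM, while a read of the same region is still resolved by a single remap.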

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Infinite fault loop in Linux kernel mshv driver on permission-denied GPA intercepts enables denial-of-service via malicious guest.

Vulnerability

The mshv_handle_gpa_intercept() function in the Linux kernel's mshv driver attempts to remap pages for any fault on movable memory regions without verifying whether the access type is permitted [1][2]. When a guest writes to a read-only region, the remap succeeds but the region remains read-only, causing an immediate re-fault and infinite loop that spins the vCPU indefinitely.

Exploitation

An attacker with access to a guest VM can exploit this by intentionally accessing a read-only memory region, triggering the infinite fault loop. This requires no special privileges beyond normal guest operation, as the guest can control its memory accesses.

Impact

The vulnerability leads to a denial-of-service (DoS) condition, including potential host resource exhaustion due to the infinite vCPU spinning. It is rated Medium with CVSS 5.5.

Mitigation

The fix introduces a permission check before remapping, rejecting writes to non-writable and executes to non-executable regions early. This patch has been applied to the Linux kernel stable branches via commits [1] and [2].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

References

2
