A critical vulnerability in the Linux kernel's Kernel-based Virtual Machine (KVM) hypervisor was publicly disclosed on May 28, 2026, under CVE-2026-46131. The flaw, which involves improper management of extended page table (EPT) and nested page table (NPT) state during Hyper-V TLB flush requests, can allow a malicious L2 guest to access stale memory pages. This opens the door to data leakage and privilege escalation across virtual machine boundaries, posing a severe risk to cloud providers and enterprises running nested virtualization workloads.
The vulnerability was identified and patched by the Linux kernel security team, with the National Vulnerability Database (NVD) publishing the advisory on the same day. Administrators are urged to apply kernel updates immediately to mitigate the risk.
Understanding the Technical Background
To grasp the significance of CVE-2026-46131, it's essential to understand the interplay between KVM, nested virtualization, and the Hyper-V enlightenments that triggered the bug.
KVM and Nested Virtualization
KVM transforms the Linux kernel into a type-1 hypervisor, enabling the host to run multiple virtual machines (VMs). Nested virtualization extends this capability, allowing a VM to itself act as a hypervisor and run its own guests. In a typical scenario, an L0 hypervisor (the bare-metal KVM host) runs an L1 VM, which in turn runs an L2 VM. This architecture is common in cloud environments for testing, development, and isolated workloads.
Nested virtualization adds complexity because the hypervisor must manage two layers of address translation. The L1 hypervisor uses its own set of page tables to map L2 physical addresses to L1 physical addresses, while the L0 hypervisor maps L1 physical addresses to host physical addresses.
Extended and Nested Page Tables
Intel and AMD implement hardware-assisted paging to accelerate these translations:
- Intel EPT (Extended Page Tables) is used by the L0 hypervisor to translate L1 physical addresses directly to host physical addresses, bypassing shadow page tables.
- AMD NPT (Nested Page Tables) serves the same purpose on AMD platforms.
When nesting is active, KVM on the L0 host emulates the EPT or NPT for the L1 hypervisor. This emulation involves maintaining separate page table structures and correctly flushing translation lookaside buffers (TLBs) when mappings change.
The Role of TLB Flushing
The TLB is a hardware cache that speeds up virtual-to-physical address translations. When a hypervisor modifies page tables, it must issue a TLB flush instruction to invalidate stale entries and force the CPU to re-walk the page tables. Incomplete or incorrect flushes can leave residual mappings that point to deallocated memory or pages belonging to another VM.
In nested virtualization, multiple TLB levels exist: the L1 guest's TLB (for L2-to-L1 mappings) and the L0 host's TLB (for L1-to-host mappings). A change in the L1's nested page tables requires flushing the L1's TLB, but sometimes the L0 must also flush its own EPT/NPT TLB to maintain consistency.
Hyper-V Enlightenments in KVM
To improve performance when running Windows guests, KVM implements a set of paravirtualized interfaces known as Hyper-V enlightenments. These include a hypercall interface that allows the guest to request certain operations from the hypervisor more efficiently than through native hardware mechanisms.
One such enlightenment is the Hyper-V TLB flush hypercall (HvCallFlushVirtualAddressSpace and variants). When a Windows L1 guest with nested virtualization enabled uses this hypercall, it expects the L0 KVM to flush specific TLB entries across all virtual processors. This is crucial for maintaining memory consistency after the L1 modifies its nested page tables.
The Vulnerability: Incorrect State Handling
CVE-2026-46131 arises from a logical error in how KVM handles the Hyper-V TLB flush hypercall when nested EPT or NPT is active. According to the advisory, "incorrect handling of nested Intel EPT and AMD NPT state" occurs during these TLB flush requests.
The core issue is that KVM failed to properly synchronize the nested page table state and the corresponding TLB entries. When an L1 issues a TLB flush hypercall, KVM on L0 must determine which TLBs to invalidate: the L1's EPT/NPT TLBs, the L0's combined mappings, or both. The bug caused KVM to miss flushing some necessary TLB entries, leaving stale translations in the CPU.
This could happen in several scenarios:
- The L1 updated its nested page tables but the L0 KVM only partially emulated the flush.
- KVM incorrectly tracked the "dirty" state of nested page table structures, leading to a condition where a subsequent flush hypercall was treated as a no-op when it should have been performed.
- On AMD systems, the NPT state management differed from Intel's EPT, and the code path did not account for these differences properly.
As a result, an L2 guest could continue to access physical memory through stale mappings. That memory might now belong to another L2 VM, the L1 hypervisor, or even the L0 host. The window of opportunity existed from the time the L1 made a legitimate page table change until the next correct TLB flush, which could be indefinitely long if the hypervisor relied solely on the flawed hypercall.
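To make the stale-translation window concrete, here is an added toy model written for this article; it is not code from the page, from KVM, or from the kernel patch. It keeps two translation stages (L1's nested page tables and L0's EPT/NPT) plus a combined TLB, remaps an L2 page the way L1 legitimately would, and then shows which guest's memory the next L2 access lands on depending on whether the cached entry was invalidated, invalidated for the wrong page (a partial flush), or flushed correctly. The class and function names, page numbers, owner labels and the single 4 KiB page size are all constructed for the illustration.

```python
"""Toy model of nested address translation with a cached (combined) TLB.

Added illustration for this article; not code from the page, from KVM or
from the kernel patch. It models the failure mode the text describes:
once an L2-to-host translation is cached, the cache keeps answering with
the old host page after L1 changes its nested page tables, unless that
entry is invalidated. Page numbers, owner names and the 4 KiB page size
are constructed sample values.
"""
from __future__ import annotations

from dataclasses import dataclass, field

PAGE = 0x1000  # constructed simplification: 4 KiB pages only, no large pages


class TranslationFault(Exception):
    """Raised when a walk finds no mapping (hardware would fault here)."""


@dataclass
class TwoStageMMU:
    # Stage 1 (L1's nested page tables): L2 guest-physical page -> L1 guest-physical page
    l2_to_l1: dict[int, int]
    # Stage 2 (L0's EPT/NPT): L1 guest-physical page -> host-physical page
    l1_to_host: dict[int, int]
    # Current owner of each host page; only used to show what a stale entry exposes
    owners: dict[int, str]
    # Combined TLB: caches the end-to-end result L2 page -> host page
    tlb: dict[int, int] = field(default_factory=dict)

    def walk(self, l2_page: int) -> int:
        """Two-dimensional page walk, performed only on a TLB miss."""
        try:
            return self.l1_to_host[self.l2_to_l1[l2_page]]
        except KeyError:
            raise TranslationFault(f"no mapping for L2 page {l2_page:#x}") from None

    def translate(self, l2_addr: int) -> tuple[int, str]:
        """Return (host address, owner of that host page) for an L2 address."""
        page, offset = divmod(l2_addr, PAGE)
        if page not in self.tlb:          # miss: walk the tables and cache the result
            self.tlb[page] = self.walk(page)
        host_page = self.tlb[page]        # hit: no walk, even if the tables changed
        return host_page * PAGE + offset, self.owners[host_page]

    def flush_tlb(self, l2_page: int | None = None) -> None:
        """Invalidate one cached translation, or all of them."""
        if l2_page is None:
            self.tlb.clear()
        else:
            self.tlb.pop(l2_page, None)


def owner_seen_after_remap(flush: str) -> str:
    """Remap an L2 page and report whose memory the next L2 access reaches.

    flush: "none"  - no invalidation at all (the effect the bug produces)
           "wrong" - a flush aimed at a different page (a partial flush)
           "page"  - flush exactly the changed entry
           "all"   - flush every cached entry
    """
    mmu = TwoStageMMU(
        l2_to_l1={0x10: 0x20},
        l1_to_host={0x20: 0x30, 0x21: 0x31},
        owners={0x30: "guest-X", 0x31: "free"},
    )
    _, owner = mmu.translate(0x10 * PAGE)       # warms the TLB: 0x10 -> host 0x30
    assert owner == "guest-X"

    # L1 gives guest-X a new backing page and the old one is recycled for
    # another guest. Both table levels are now consistent; only the TLB is not.
    mmu.l2_to_l1[0x10] = 0x21
    mmu.owners[0x31] = "guest-X"
    mmu.owners[0x30] = "guest-Y"

    if flush == "page":
        mmu.flush_tlb(0x10)
    elif flush == "wrong":
        mmu.flush_tlb(0x11)                     # invalidates nothing useful
    elif flush == "all":
        mmu.flush_tlb()

    _, owner = mmu.translate(0x10 * PAGE + 0x40)
    return owner


if __name__ == "__main__":
    for mode in ("none", "wrong", "page", "all"):
        print(f"flush={mode:<5} -> L2 access lands on memory owned by "
              f"{owner_seen_after_remap(mode)}")
```

Running the script prints that the "none" and "wrong" cases still reach guest-Y's page through the cached entry, while "page" and "all" reach guest-X's new page. The model deliberately has no separate per-level TLBs; in real hardware the combined entry can survive a flush of the wrong level, which is the same effect the "wrong" case shows.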
Real-World Impact and Exploitability
The most severe consequence is cross-VM data leakage. A malicious L2 guest could deliberately trigger the condition and then read sensitive data from other VMs, such as cryptographic keys, passwords, or intellectual property. This breaks the fundamental isolation guarantees of virtualization.
Privilege escalation is also possible. If the stale mapping points to kernel memory areas of another VM or the hypervisor, an attacker might write malicious data to gain code execution in a more privileged context. In a nested environment, an L2 guest could potentially compromise the L1 hypervisor, and from there pivot to the L0 host.
Exploitation requires:
- The attacker to have control over an L2 guest.
- Nested virtualization enabled in the L1.
- The L1 to use the Hyper-V TLB flush hypercall (which is the case for modern Windows guests with the nested virtualization feature installed).
The vulnerability is particularly dangerous for public cloud providers that offer nested virtualization, as well as enterprise data centers running Windows Server with Hyper-V as an L1 guest on top of Linux KVM. While the complexity of exploitation is high, the potential damage warrants an "Important" severity rating from most distributors.
The Fix: Kernel Patch and Mitigations
The Linux kernel security team resolved CVE-2026-46131 by correcting the state tracking logic in the KVM code responsible for handling the HvCallFlushVirtualAddressSpace and related hypercalls. The patch ensured that:
- The nested EPT/NPT state is explicitly checked before a flush hypercall returns, guaranteeing that any pending TLB invalidations are completed.
- On Intel CPUs, the EPT invalidation properly accounts for the current nested EPT context.
- On AMD CPUs, the NPT flushing routine correctly synchronizes the L1's nested page table root with the hardware's view.
Administrators can mitigate the vulnerability by applying the kernel update that includes the fixing commit. The fix was backported to long-term stable kernel series (e.g., 6.1.x, 6.6.x, 6.12.x) and is available through standard distribution channels.
In the interim, before patching, potential workarounds include:
- Disabling nested virtualization entirely if not required. This can be done by setting the `kvm-intel.nested=0` or `kvm-amd.nested=0` kernel parameter, which removes the attack surface.
- If nested virtualization is mandatory, disabling the Hyper-V TLB flush enlightenment in the L1 guest can temporarily sidestep the buggy code path. On Windows, this involves removing the `hv-vapic` or related hypervisor extensions, though it degrades performance.
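As an added audit helper for the workaround and patch status above (written for this article, not code from the page, the kernel or any distribution), the script below reads the `nested` module parameter that Linux exposes under `/sys/module/kvm_intel/parameters/` and `/sys/module/kvm_amd/parameters/`, names the kernel parameter from the page that would disable nesting on that host, and compares the running kernel release against a minimum version per stable series. The page does not give the first fixed point release of each series, so that table is an empty placeholder to be filled from your distribution's advisory; the function and variable names are assumptions, and the version numbers used in the usage note are constructed.

```python
"""Audit helper: is nesting on, and does the running kernel meet a minimum?

Added example for this article; not code from the page, the kernel or any
distribution. The sysfs paths and the 'nested' parameter are real; the
fixed-version table must be filled in from your distribution's advisory
(the page names only the 6.1.x, 6.6.x and 6.12.x series, not point releases).
"""
from __future__ import annotations

import os
import platform
import re

# Module name -> kernel command-line parameter the page gives for disabling nesting.
NESTED_OFF_PARAM = {
    "kvm_intel": "kvm-intel.nested=0",
    "kvm_amd": "kvm-amd.nested=0",
}


def parse_nested_value(raw: str | None) -> bool | None:
    """Map a sysfs 'nested' value ('Y'/'N' or '1'/'0') to a bool; None if the module is absent."""
    if raw is None:
        return None
    return raw.strip().upper() in ("Y", "1")


def read_nested_params(sysfs_root: str = "/sys/module") -> dict[str, str | None]:
    """Raw 'nested' values for both KVM modules; None where the file does not exist."""
    values: dict[str, str | None] = {}
    for module in NESTED_OFF_PARAM:
        path = os.path.join(sysfs_root, module, "parameters", "nested")
        try:
            with open(path, encoding="ascii") as fh:
                values[module] = fh.read()
        except OSError:
            values[module] = None
    return values


def parse_kernel_release(release: str) -> tuple[int, int, int]:
    """'6.6.30-0-generic' -> (6, 6, 30); a missing patch level counts as 0."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def kernel_meets_minimum(release: str, minimums: dict[str, tuple[int, int, int]]) -> bool | None:
    """True/False when the release's stable series has a known minimum, else None.

    `minimums` maps a series such as '6.6' to the first fixed (major, minor, patch).
    """
    ver = parse_kernel_release(release)
    series = f"{ver[0]}.{ver[1]}"
    if series not in minimums:
        return None
    return ver >= minimums[series]


def assess(raw_values: dict[str, str | None], release: str,
           minimums: dict[str, tuple[int, int, int]]) -> dict:
    """Combine module state and kernel version into an actionable report."""
    report: dict = {
        "nested_enabled_on": [],
        "workaround": [],
        "kernel_fixed": kernel_meets_minimum(release, minimums),
    }
    for module, raw in raw_values.items():
        if parse_nested_value(raw):
            report["nested_enabled_on"].append(module)
            report["workaround"].append(NESTED_OFF_PARAM[module])
    # Action is needed when nesting is exposed and the kernel is not known to be fixed.
    report["action_needed"] = bool(report["nested_enabled_on"]) and report["kernel_fixed"] is not True
    return report


if __name__ == "__main__":
    # PLACEHOLDER: fill from your distribution's advisory, e.g. {"6.6": (6, 6, NN)}.
    FIXED_MINIMUMS: dict[str, tuple[int, int, int]] = {}
    print(assess(read_nested_params(), platform.release(), FIXED_MINIMUMS))
```

With an empty minimum table the report's `kernel_fixed` is `None`, so any host with nesting enabled is flagged; once the table holds, for example, a constructed entry `{"6.6": (6, 6, 40)}`, a `6.6.30` host is reported as needing action and a `6.6.41` host is not. The `workaround` list carries only the command-line parameter from the page; the same effect is obtained persistently with `options kvm_intel nested=0` (or `kvm_amd`) in a `modprobe.d` file, which is a standard module-option mechanism rather than something the page describes.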
Broader Implications and Further Considerations
CVE-2026-46131 highlights the inherent complexity of nested virtualization and the dangers of mixing paravirtualized interfaces with hardware-assisted paging. As cloud providers continue to embrace nested setups for serverless containers, confidential computing, and testing environments, such vulnerabilities become increasingly attractive targets.
Security researchers note that similar issues could lurk in other hypercalls or enlightenment implementations. The KVM community has since initiated a review of all Hyper-V hypercall handlers to ensure consistent state management, especially when nested EPT/NPT is active.
For Windows enthusiasts running Linux hosts with Windows guests in nested configuration, this serves as a reminder to stay current with kernel security patches. Enabling automatic updates and subscribing to advisory feeds can reduce exposure to zero-day exploits.
The flaw also underscores the importance of defense-in-depth strategies. Even with fully patched systems, using hardware security features like AMD SEV or Intel TDX for confidential computing can limit the blast radius of hypervisor bugs.
Conclusion
CVE-2026-46131 is a potent example of how a subtle oversight in virtualized memory management can undermine the isolation of entire virtualized infrastructures. The timely disclosure and patching by the Linux kernel team mitigated the risk, but organizations must act quickly to deploy updates. Given the widespread use of KVM in production, this vulnerability should be prioritized in any security patching schedule.
Stay safe and keep your systems updated.