Mallory
Severity: High

Linux kernel KVM x86 race condition in __get_sregs2() PDPTR handling

Identifiers: CVE-2026-43214, CWE-362

CVE-2026-43214 is a flaw in the Linux kernel KVM x86 subsystem in the __get_sregs2() path when reading PDPTR registers. Reading PDPTRs can trigger guest-memory access through the call chain kvm_pdptr_read() -> svm_cache_reg() -> load_pdptrs() -> kvm_vcpu_read_guest_page() -> kvm_vcpu_gfn_to_memslot(). In the vulnerable path, kvm_vcpu_gfn_to_memslot() dereferences memslots via __kvm_memslots(), which uses srcu_dereference_check() and requires either kvm->srcu or kvm->slots_lock to be held. However, only vcpu->mutex was held. The issue was resolved by adding SRCU read-side protection around the PDPTR read path in __get_sregs2(). The bug was identified by the Linux Verification Center using Syzkaller.


ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

The flaw can lead to unsafe concurrent access to KVM memslot state during guest-memory lookup from the __get_sregs2() ioctl path. The provided material specifically shows lockdep-detected suspicious RCU usage and an upstream fix adding the missing SRCU protection. Based on the supplied CVSS assessments, successful exploitation may affect confidentiality, integrity, and availability of the host kernel/KVM context, but the exact practical exploitation consequences beyond the race and invalid synchronization are not further described in the provided content.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, reduce exposure by limiting local access to KVM management interfaces and restricting who can invoke KVM vCPU ioctls against running VMs, since the issue is in a local KVM ioctl path and requires privileges to interact with a guest vCPU. No specific workaround other than applying the fixed kernel is provided in the supplied content.

Remediation

Patch, then assume compromise.

Apply a kernel update that includes the upstream fix for CVE-2026-43214, which adds SRCU read-side protection for PDPTR reads in __get_sregs2(). The content references stable fixes including commits f621ca24f9f489e226e22560761b04884984133b, 708e20c66b2761d878a2bc3c7534e7f814e4dec5, 9f2bfea51151dfbb24b52f452eb3d5f5fe0e506e, 57536ff0a6bd69a5808d682925202babdb5ddc13, b33f8d816950b10e7879cd8ffd7ae4b649ada4db, and 95d848dc7e639988dbb385a8cba9b484607cf98c. For SUSE environments, install the relevant released kernel updates/advisories that include the fix and reboot into the updated kernel.
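The locking rule behind this CVE, and the shape of the fix, can be seen in a small userspace model. The following is an added example, not code from the Linux kernel or from this advisory: the names (kvm->srcu, srcu_read_lock(), srcu_dereference_check(), kvm_vcpu_gfn_to_memslot(), load_pdptrs()) mirror the kernel's call chain but every function here is a simplified stand-in, and the memslot table, guest frame number and "lockdep" counter are constructed. It shows why dereferencing the SRCU-protected memslots pointer with only vcpu->mutex held is reported as suspicious RCU usage, and why wrapping the PDPTR read in an SRCU read-side section satisfies the check.

```c
/* Constructed userspace model (NOT kernel code) of the synchronization rule
 * violated by CVE-2026-43214: an SRCU-protected pointer such as KVM's memslots
 * may only be dereferenced inside an SRCU read-side critical section. */
#include <stdio.h>
#include <stdbool.h>

/* Stand-in for struct kvm_memslots: one slot covering a range of guest frames.
 * A writer may replace this table while readers are looking it up. */
struct kvm_memslots {
    unsigned long base_gfn;
    unsigned long npages;
};

/* Stand-in for the SRCU domain: we only track whether a reader holds it. */
struct srcu_struct {
    int readers;                   /* active read-side critical sections */
};

struct kvm {
    struct srcu_struct srcu;
    struct kvm_memslots *memslots; /* SRCU-protected pointer */
};

/* Counter standing in for lockdep's "suspicious RCU usage" splat. */
static int suspicious_rcu_usage;

/* Stand-in for srcu_dereference_check(): in the kernel this warns when neither
 * kvm->srcu nor kvm->slots_lock is held. Here we only model kvm->srcu. */
static struct kvm_memslots *srcu_dereference_check(struct kvm *kvm)
{
    if (kvm->srcu.readers == 0)
        suspicious_rcu_usage++;    /* lockdep would print a splat here */
    return kvm->memslots;
}

static int srcu_read_lock(struct srcu_struct *sp)
{
    sp->readers++;
    return 0;                      /* kernel returns an index; unused here */
}

static void srcu_read_unlock(struct srcu_struct *sp, int idx)
{
    (void)idx;
    sp->readers--;
}

/* Bottom of the call chain reached from the PDPTR read:
 * __kvm_memslots() -> kvm_vcpu_gfn_to_memslot(). */
static struct kvm_memslots *kvm_vcpu_gfn_to_memslot(struct kvm *kvm,
                                                    unsigned long gfn)
{
    struct kvm_memslots *slots = srcu_dereference_check(kvm);
    if (gfn >= slots->base_gfn && gfn < slots->base_gfn + slots->npages)
        return slots;
    return NULL;
}

/* Stand-in for load_pdptrs(): reading PDPTRs touches guest memory, so it
 * needs a memslot lookup for the page holding the page-directory pointers. */
static bool load_pdptrs(struct kvm *kvm, unsigned long cr3_gfn)
{
    return kvm_vcpu_gfn_to_memslot(kvm, cr3_gfn) != NULL;
}

/* Vulnerable shape: only vcpu->mutex (not modelled) is held around the read. */
static bool get_sregs2_vulnerable(struct kvm *kvm, unsigned long cr3_gfn)
{
    return load_pdptrs(kvm, cr3_gfn);   /* no SRCU read side held */
}

/* Fixed shape: the PDPTR read runs inside an SRCU read-side section, so a
 * concurrent memslot update cannot free the table out from under it. */
static bool get_sregs2_fixed(struct kvm *kvm, unsigned long cr3_gfn)
{
    int idx = srcu_read_lock(&kvm->srcu);
    bool ok = load_pdptrs(kvm, cr3_gfn);
    srcu_read_unlock(&kvm->srcu, idx);
    return ok;
}

/* Run one variant against a constructed VM and return how many lockdep-style
 * violations it produced: 1 for the vulnerable path, 0 for the fixed one. */
static int violations_for(bool (*fn)(struct kvm *, unsigned long))
{
    struct kvm_memslots slots = { .base_gfn = 0x1000, .npages = 0x100 };
    struct kvm kvm = { .srcu = { .readers = 0 }, .memslots = &slots };
    suspicious_rcu_usage = 0;
    fn(&kvm, 0x1010);              /* constructed guest frame inside the slot */
    return suspicious_rcu_usage;
}

int main(void)
{
    printf("vulnerable path: %d suspicious RCU usage(s)\n",
           violations_for(get_sregs2_vulnerable));
    printf("fixed path:      %d suspicious RCU usage(s)\n",
           violations_for(get_sregs2_fixed));
    return 0;
}
```

The model deliberately reduces the check to "is a reader registered on kvm->srcu"; the real srcu_dereference_check() also accepts kvm->slots_lock, and in the real race the hazard is a memslot update freeing the old table while the unprotected reader still uses it, which is what the read-side section prevents.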
Public exploits


No public exploit code observed for this vulnerability.

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

Vendor: Linux; Product: Linux Kernel; Type: operating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
