{"api_version":"1","generated_at":"2026-04-25T06:08:03+00:00","cve":"CVE-2026-31592","urls":{"html":"https://cve.report/CVE-2026-31592","api":"https://cve.report/api/cve/CVE-2026-31592.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-31592","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-31592"},"summary":{"title":"KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock\n\nTake and hold kvm->lock for before checking sev_guest() in\nsev_mem_enc_register_region(), as sev_guest() isn't stable unless kvm->lock\nis held (or KVM can guarantee KVM_SEV_INIT{2} has completed and can't\nrollack state).  If KVM_SEV_INIT{2} fails, KVM can end up trying to add to\na not-yet-initialized sev->regions_list, e.g. triggering a #GP\n\n  Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI\n  KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n  CPU: 110 UID: 0 PID: 72717 Comm: syz.15.11462 Tainted: G     U  W  O        6.16.0-smp-DEV #1 NONE\n  Tainted: [U]=USER, [W]=WARN, [O]=OOT_MODULE\n  Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 12.52.0-0 10/28/2024\n  RIP: 0010:sev_mem_enc_register_region+0x3f0/0x4f0 ../include/linux/list.h:83\n  Code: <41> 80 3c 04 00 74 08 4c 89 ff e8 f1 c7 a2 00 49 39 ed 0f 84 c6 00\n  RSP: 0018:ffff88838647fbb8 EFLAGS: 00010256\n  RAX: dffffc0000000000 RBX: 1ffff92015cf1e0b RCX: dffffc0000000000\n  RDX: 0000000000000000 RSI: 0000000000001000 RDI: ffff888367870000\n  RBP: ffffc900ae78f050 R08: ffffea000d9e0007 R09: 1ffffd4001b3c000\n  R10: dffffc0000000000 R11: fffff94001b3c001 R12: 0000000000000000\n  R13: ffff8982ab0bde00 R14: ffffc900ae78f058 R15: 0000000000000000\n  FS:  00007f34e9dc66c0(0000) GS:ffff89ee64d33000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007fe180adef98 CR3: 000000047210e000 CR4: 0000000000350ef0\n  Call Trace:\n   <TASK>\n   kvm_arch_vm_ioctl+0xa72/0x1240 ../arch/x86/kvm/x86.c:7371\n   kvm_vm_ioctl+0x649/0x990 ../virt/kvm/kvm_main.c:5363\n   __se_sys_ioctl+0x101/0x170 ../fs/ioctl.c:51\n   do_syscall_x64 ../arch/x86/entry/syscall_64.c:63 [inline]\n   do_syscall_64+0x6f/0x1f0 ../arch/x86/entry/syscall_64.c:94\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n  RIP: 0033:0x7f34e9f7e9a9\n  Code: <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\n  RSP: 002b:00007f34e9dc6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n  RAX: ffffffffffffffda RBX: 00007f34ea1a6080 RCX: 00007f34e9f7e9a9\n  RDX: 0000200000000280 RSI: 000000008010aebb RDI: 0000000000000007\n  RBP: 00007f34ea000d69 R08: 0000000000000000 R09: 0000000000000000\n  R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n  R13: 0000000000000000 R14: 00007f34ea1a6080 R15: 00007ffce77197a8\n   </TASK>\n\nwith a syzlang reproducer that looks like:\n\n  syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000180)=ANY=[], 0x70}) (async)\n  syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000180)=ANY=[@ANYBLOB=\"...\"], 0x4f}) (async)\n  r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)\n  r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)\n  r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)\n  r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)\n  ioctl$KVM_SET_CLOCK(r3, 0xc008aeba, &(0x7f0000000040)={0x1, 0x8, 0x0, 0x5625e9b0}) (async)\n  ioctl$KVM_SET_PIT2(r3, 0x8010aebb, &(0x7f0000000280)={[...], 0x5}) (async)\n  ioctl$KVM_SET_PIT2(r1, 0x4070aea0, 0x0) (async)\n  r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)\n  openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)\n  ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) (async)\n  r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)\n  close(r0) (async)\n  openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) (async)\n  ioctl$KVM_SET_GUEST_DEBUG(r5, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d46549b, 0x0, [0x46, 0x0, 0x0, 0x0, 0x0, 0x1000]}) (async)\n  ioctl$KVM_RUN(r5, 0xae80, 0x0)\n\nOpportunistically use guard() to avoid having to define a new error label\nand goto usage.","state":"PUBLISHED","assigner":"Linux","published_at":"2026-04-24 15:16:36","updated_at":"2026-04-24 17:51:40"},"problem_types":[],"metrics":[],"references":[{"url":"https://git.kernel.org/stable/c/35a0963d361f98bba798fd15d229dcb166c04684","name":"https://git.kernel.org/stable/c/35a0963d361f98bba798fd15d229dcb166c04684","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/0ff93ff0ba82e9511770e175fa50682a1ab14fb6","name":"https://git.kernel.org/stable/c/0ff93ff0ba82e9511770e175fa50682a1ab14fb6","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/ab725ac3022469ecd4d7aa7d5646712e98b249d8","name":"https://git.kernel.org/stable/c/ab725ac3022469ecd4d7aa7d5646712e98b249d8","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-31592","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31592","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 35a0963d361f98bba798fd15d229dcb166c04684 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 ab725ac3022469ecd4d7aa7d5646712e98b249d8 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 0ff93ff0ba82e9511770e175fa50682a1ab14fb6 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18.24 6.18.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.19.14 6.19.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0.1 7.0.* semver","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["arch/x86/kvm/svm/sev.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"35a0963d361f98bba798fd15d229dcb166c04684","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"ab725ac3022469ecd4d7aa7d5646712e98b249d8","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"0ff93ff0ba82e9511770e175fa50682a1ab14fb6","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["arch/x86/kvm/svm/sev.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThanOrEqual":"6.18.*","status":"unaffected","version":"6.18.24","versionType":"semver"},{"lessThanOrEqual":"6.19.*","status":"unaffected","version":"6.19.14","versionType":"semver"},{"lessThanOrEqual":"7.0.*","status":"unaffected","version":"7.0.1","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18.24","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.19.14","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0.1","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock\n\nTake and hold kvm->lock for before checking sev_guest() in\nsev_mem_enc_register_region(), as sev_guest() isn't stable unless kvm->lock\nis held (or KVM can guarantee KVM_SEV_INIT{2} has completed and can't\nrollack state).  If KVM_SEV_INIT{2} fails, KVM can end up trying to add to\na not-yet-initialized sev->regions_list, e.g. triggering a #GP\n\n  Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI\n  KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n  CPU: 110 UID: 0 PID: 72717 Comm: syz.15.11462 Tainted: G     U  W  O        6.16.0-smp-DEV #1 NONE\n  Tainted: [U]=USER, [W]=WARN, [O]=OOT_MODULE\n  Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 12.52.0-0 10/28/2024\n  RIP: 0010:sev_mem_enc_register_region+0x3f0/0x4f0 ../include/linux/list.h:83\n  Code: <41> 80 3c 04 00 74 08 4c 89 ff e8 f1 c7 a2 00 49 39 ed 0f 84 c6 00\n  RSP: 0018:ffff88838647fbb8 EFLAGS: 00010256\n  RAX: dffffc0000000000 RBX: 1ffff92015cf1e0b RCX: dffffc0000000000\n  RDX: 0000000000000000 RSI: 0000000000001000 RDI: ffff888367870000\n  RBP: ffffc900ae78f050 R08: ffffea000d9e0007 R09: 1ffffd4001b3c000\n  R10: dffffc0000000000 R11: fffff94001b3c001 R12: 0000000000000000\n  R13: ffff8982ab0bde00 R14: ffffc900ae78f058 R15: 0000000000000000\n  FS:  00007f34e9dc66c0(0000) GS:ffff89ee64d33000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007fe180adef98 CR3: 000000047210e000 CR4: 0000000000350ef0\n  Call Trace:\n   <TASK>\n   kvm_arch_vm_ioctl+0xa72/0x1240 ../arch/x86/kvm/x86.c:7371\n   kvm_vm_ioctl+0x649/0x990 ../virt/kvm/kvm_main.c:5363\n   __se_sys_ioctl+0x101/0x170 ../fs/ioctl.c:51\n   do_syscall_x64 ../arch/x86/entry/syscall_64.c:63 [inline]\n   do_syscall_64+0x6f/0x1f0 ../arch/x86/entry/syscall_64.c:94\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n  RIP: 0033:0x7f34e9f7e9a9\n  Code: <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\n  RSP: 002b:00007f34e9dc6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n  RAX: ffffffffffffffda RBX: 00007f34ea1a6080 RCX: 00007f34e9f7e9a9\n  RDX: 0000200000000280 RSI: 000000008010aebb RDI: 0000000000000007\n  RBP: 00007f34ea000d69 R08: 0000000000000000 R09: 0000000000000000\n  R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n  R13: 0000000000000000 R14: 00007f34ea1a6080 R15: 00007ffce77197a8\n   </TASK>\n\nwith a syzlang reproducer that looks like:\n\n  syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000180)=ANY=[], 0x70}) (async)\n  syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000180)=ANY=[@ANYBLOB=\"...\"], 0x4f}) (async)\n  r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)\n  r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)\n  r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)\n  r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)\n  ioctl$KVM_SET_CLOCK(r3, 0xc008aeba, &(0x7f0000000040)={0x1, 0x8, 0x0, 0x5625e9b0}) (async)\n  ioctl$KVM_SET_PIT2(r3, 0x8010aebb, &(0x7f0000000280)={[...], 0x5}) (async)\n  ioctl$KVM_SET_PIT2(r1, 0x4070aea0, 0x0) (async)\n  r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)\n  openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)\n  ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) (async)\n  r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)\n  close(r0) (async)\n  openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) (async)\n  ioctl$KVM_SET_GUEST_DEBUG(r5, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d46549b, 0x0, [0x46, 0x0, 0x0, 0x0, 0x0, 0x1000]}) (async)\n  ioctl$KVM_RUN(r5, 0xae80, 0x0)\n\nOpportunistically use guard() to avoid having to define a new error label\nand goto usage."}],"providerMetadata":{"dateUpdated":"2026-04-24T14:42:18.921Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/35a0963d361f98bba798fd15d229dcb166c04684"},{"url":"https://git.kernel.org/stable/c/ab725ac3022469ecd4d7aa7d5646712e98b249d8"},{"url":"https://git.kernel.org/stable/c/0ff93ff0ba82e9511770e175fa50682a1ab14fb6"}],"title":"KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-31592","datePublished":"2026-04-24T14:42:18.921Z","dateReserved":"2026-03-09T15:48:24.121Z","dateUpdated":"2026-04-24T14:42:18.921Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-24 15:16:36","lastModifiedDate":"2026-04-24 17:51:40","problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"31592","Ordinal":"1","Title":"KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kv","CVE":"CVE-2026-31592","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"31592","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock\n\nTake and hold kvm->lock for before checking sev_guest() in\nsev_mem_enc_register_region(), as sev_guest() isn't stable unless kvm->lock\nis held (or KVM can guarantee KVM_SEV_INIT{2} has completed and can't\nrollack state).  If KVM_SEV_INIT{2} fails, KVM can end up trying to add to\na not-yet-initialized sev->regions_list, e.g. triggering a #GP\n\n  Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI\n  KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n  CPU: 110 UID: 0 PID: 72717 Comm: syz.15.11462 Tainted: G     U  W  O        6.16.0-smp-DEV #1 NONE\n  Tainted: [U]=USER, [W]=WARN, [O]=OOT_MODULE\n  Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 12.52.0-0 10/28/2024\n  RIP: 0010:sev_mem_enc_register_region+0x3f0/0x4f0 ../include/linux/list.h:83\n  Code: <41> 80 3c 04 00 74 08 4c 89 ff e8 f1 c7 a2 00 49 39 ed 0f 84 c6 00\n  RSP: 0018:ffff88838647fbb8 EFLAGS: 00010256\n  RAX: dffffc0000000000 RBX: 1ffff92015cf1e0b RCX: dffffc0000000000\n  RDX: 0000000000000000 RSI: 0000000000001000 RDI: ffff888367870000\n  RBP: ffffc900ae78f050 R08: ffffea000d9e0007 R09: 1ffffd4001b3c000\n  R10: dffffc0000000000 R11: fffff94001b3c001 R12: 0000000000000000\n  R13: ffff8982ab0bde00 R14: ffffc900ae78f058 R15: 0000000000000000\n  FS:  00007f34e9dc66c0(0000) GS:ffff89ee64d33000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007fe180adef98 CR3: 000000047210e000 CR4: 0000000000350ef0\n  Call Trace:\n   <TASK>\n   kvm_arch_vm_ioctl+0xa72/0x1240 ../arch/x86/kvm/x86.c:7371\n   kvm_vm_ioctl+0x649/0x990 ../virt/kvm/kvm_main.c:5363\n   __se_sys_ioctl+0x101/0x170 ../fs/ioctl.c:51\n   do_syscall_x64 ../arch/x86/entry/syscall_64.c:63 [inline]\n   do_syscall_64+0x6f/0x1f0 ../arch/x86/entry/syscall_64.c:94\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n  RIP: 0033:0x7f34e9f7e9a9\n  Code: <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\n  RSP: 002b:00007f34e9dc6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n  RAX: ffffffffffffffda RBX: 00007f34ea1a6080 RCX: 00007f34e9f7e9a9\n  RDX: 0000200000000280 RSI: 000000008010aebb RDI: 0000000000000007\n  RBP: 00007f34ea000d69 R08: 0000000000000000 R09: 0000000000000000\n  R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n  R13: 0000000000000000 R14: 00007f34ea1a6080 R15: 00007ffce77197a8\n   </TASK>\n\nwith a syzlang reproducer that looks like:\n\n  syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000180)=ANY=[], 0x70}) (async)\n  syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000180)=ANY=[@ANYBLOB=\"...\"], 0x4f}) (async)\n  r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)\n  r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)\n  r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)\n  r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)\n  ioctl$KVM_SET_CLOCK(r3, 0xc008aeba, &(0x7f0000000040)={0x1, 0x8, 0x0, 0x5625e9b0}) (async)\n  ioctl$KVM_SET_PIT2(r3, 0x8010aebb, &(0x7f0000000280)={[...], 0x5}) (async)\n  ioctl$KVM_SET_PIT2(r1, 0x4070aea0, 0x0) (async)\n  r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)\n  openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)\n  ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) (async)\n  r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)\n  close(r0) (async)\n  openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) (async)\n  ioctl$KVM_SET_GUEST_DEBUG(r5, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d46549b, 0x0, [0x46, 0x0, 0x0, 0x0, 0x0, 0x1000]}) (async)\n  ioctl$KVM_RUN(r5, 0xae80, 0x0)\n\nOpportunistically use guard() to avoid having to define a new error label\nand goto usage.","Type":"Description","Title":"KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kv"}]}}}