CVE-2025-38506 (GCVE-0-2025-38506)
Vulnerability from cvelistv5
Published
2025-08-16 10:54
Modified
2025-08-16 10:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: Allow CPU to reschedule while setting per-page memory attributes
When running an SEV-SNP guest with a sufficiently large amount of memory (1TB+),
the host can experience CPU soft lockups when running an operation in
kvm_vm_set_mem_attributes() to set memory attributes on the whole
range of guest memory.
watchdog: BUG: soft lockup - CPU#8 stuck for 26s! [qemu-kvm:6372]
CPU: 8 UID: 0 PID: 6372 Comm: qemu-kvm Kdump: loaded Not tainted 6.15.0-rc7.20250520.el9uek.rc1.x86_64 #1 PREEMPT(voluntary)
Hardware name: Oracle Corporation ORACLE SERVER E4-2c/Asm,MB Tray,2U,E4-2c, BIOS 78016600 11/13/2024
RIP: 0010:xas_create+0x78/0x1f0
Code: 00 00 00 41 80 fc 01 0f 84 82 00 00 00 ba 06 00 00 00 bd 06 00 00 00 49 8b 45 08 4d 8d 65 08 41 39 d6 73 20 83 ed 06 48 85 c0 <74> 67 48 89 c2 83 e2 03 48 83 fa 02 75 0c 48 3d 00 10 00 00 0f 87
RSP: 0018:ffffad890a34b940 EFLAGS: 00000286
RAX: ffff96f30b261daa RBX: ffffad890a34b9c8 RCX: 0000000000000000
RDX: 000000000000001e RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000018 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffad890a356868
R13: ffffad890a356860 R14: 0000000000000000 R15: ffffad890a356868
FS: 00007f5578a2a400(0000) GS:ffff97ed317e1000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f015c70fb18 CR3: 00000001109fd006 CR4: 0000000000f70ef0
PKRU: 55555554
Call Trace:
<TASK>
xas_store+0x58/0x630
__xa_store+0xa5/0x130
xa_store+0x2c/0x50
kvm_vm_set_mem_attributes+0x343/0x710 [kvm]
kvm_vm_ioctl+0x796/0xab0 [kvm]
__x64_sys_ioctl+0xa3/0xd0
do_syscall_64+0x8c/0x7a0
entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f5578d031bb
Code: ff ff ff 85 c0 79 9b 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 2d 4c 0f 00 f7 d8 64 89 01 48
RSP: 002b:00007ffe0a742b88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000004020aed2 RCX: 00007f5578d031bb
RDX: 00007ffe0a742c80 RSI: 000000004020aed2 RDI: 000000000000000b
RBP: 0000010000000000 R08: 0000010000000000 R09: 0000017680000000
R10: 0000000000000080 R11: 0000000000000246 R12: 00005575e5f95120
R13: 00007ffe0a742c80 R14: 0000000000000008 R15: 00005575e5f961e0
While looping through the range of memory setting the attributes,
call cond_resched() to give the scheduler a chance to run a higher
priority task on the runqueue if necessary and avoid staying in
kernel mode long enough to trigger the lockup.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"virt/kvm/kvm_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d9bd1163c8d8f716f45e54d034ee28757cc85549",
"status": "affected",
"version": "5a475554db1e476a14216e742ea2bdb77362d5d5",
"versionType": "git"
},
{
"lessThan": "1ef45ae7a3938f0844032ba670b4f89180a5bffc",
"status": "affected",
"version": "5a475554db1e476a14216e742ea2bdb77362d5d5",
"versionType": "git"
},
{
"lessThan": "47bb584237cc285e3a860b70c01f7bda9dcfb05b",
"status": "affected",
"version": "5a475554db1e476a14216e742ea2bdb77362d5d5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"virt/kvm/kvm_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.15.*",
"status": "unaffected",
"version": "6.15.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.16",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.39",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15.7",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16",
"versionStartIncluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Allow CPU to reschedule while setting per-page memory attributes\n\nWhen running an SEV-SNP guest with a sufficiently large amount of memory (1TB+),\nthe host can experience CPU soft lockups when running an operation in\nkvm_vm_set_mem_attributes() to set memory attributes on the whole\nrange of guest memory.\n\nwatchdog: BUG: soft lockup - CPU#8 stuck for 26s! [qemu-kvm:6372]\nCPU: 8 UID: 0 PID: 6372 Comm: qemu-kvm Kdump: loaded Not tainted 6.15.0-rc7.20250520.el9uek.rc1.x86_64 #1 PREEMPT(voluntary)\nHardware name: Oracle Corporation ORACLE SERVER E4-2c/Asm,MB Tray,2U,E4-2c, BIOS 78016600 11/13/2024\nRIP: 0010:xas_create+0x78/0x1f0\nCode: 00 00 00 41 80 fc 01 0f 84 82 00 00 00 ba 06 00 00 00 bd 06 00 00 00 49 8b 45 08 4d 8d 65 08 41 39 d6 73 20 83 ed 06 48 85 c0 \u003c74\u003e 67 48 89 c2 83 e2 03 48 83 fa 02 75 0c 48 3d 00 10 00 00 0f 87\nRSP: 0018:ffffad890a34b940 EFLAGS: 00000286\nRAX: ffff96f30b261daa RBX: ffffad890a34b9c8 RCX: 0000000000000000\nRDX: 000000000000001e RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 0000000000000018 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffad890a356868\nR13: ffffad890a356860 R14: 0000000000000000 R15: ffffad890a356868\nFS: 00007f5578a2a400(0000) GS:ffff97ed317e1000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f015c70fb18 CR3: 00000001109fd006 CR4: 0000000000f70ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n xas_store+0x58/0x630\n __xa_store+0xa5/0x130\n xa_store+0x2c/0x50\n kvm_vm_set_mem_attributes+0x343/0x710 [kvm]\n kvm_vm_ioctl+0x796/0xab0 [kvm]\n __x64_sys_ioctl+0xa3/0xd0\n do_syscall_64+0x8c/0x7a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f5578d031bb\nCode: ff ff ff 85 c0 79 9b 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 2d 4c 0f 00 f7 d8 64 89 01 48\nRSP: 002b:00007ffe0a742b88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 000000004020aed2 RCX: 00007f5578d031bb\nRDX: 00007ffe0a742c80 RSI: 000000004020aed2 RDI: 000000000000000b\nRBP: 0000010000000000 R08: 0000010000000000 R09: 0000017680000000\nR10: 0000000000000080 R11: 0000000000000246 R12: 00005575e5f95120\nR13: 00007ffe0a742c80 R14: 0000000000000008 R15: 00005575e5f961e0\n\nWhile looping through the range of memory setting the attributes,\ncall cond_resched() to give the scheduler a chance to run a higher\npriority task on the runqueue if necessary and avoid staying in\nkernel mode long enough to trigger the lockup."
}
],
"providerMetadata": {
"dateUpdated": "2025-08-16T10:54:43.826Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d9bd1163c8d8f716f45e54d034ee28757cc85549"
},
{
"url": "https://git.kernel.org/stable/c/1ef45ae7a3938f0844032ba670b4f89180a5bffc"
},
{
"url": "https://git.kernel.org/stable/c/47bb584237cc285e3a860b70c01f7bda9dcfb05b"
}
],
"title": "KVM: Allow CPU to reschedule while setting per-page memory attributes",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-38506",
"datePublished": "2025-08-16T10:54:43.826Z",
"dateReserved": "2025-04-16T04:51:24.022Z",
"dateUpdated": "2025-08-16T10:54:43.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-38506\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-08-16T11:15:43.527\",\"lastModified\":\"2025-08-18T20:16:28.750\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nKVM: Allow CPU to reschedule while setting per-page memory attributes\\n\\nWhen running an SEV-SNP guest with a sufficiently large amount of memory (1TB+),\\nthe host can experience CPU soft lockups when running an operation in\\nkvm_vm_set_mem_attributes() to set memory attributes on the whole\\nrange of guest memory.\\n\\nwatchdog: BUG: soft lockup - CPU#8 stuck for 26s! [qemu-kvm:6372]\\nCPU: 8 UID: 0 PID: 6372 Comm: qemu-kvm Kdump: loaded Not tainted 6.15.0-rc7.20250520.el9uek.rc1.x86_64 #1 PREEMPT(voluntary)\\nHardware name: Oracle Corporation ORACLE SERVER E4-2c/Asm,MB Tray,2U,E4-2c, BIOS 78016600 11/13/2024\\nRIP: 0010:xas_create+0x78/0x1f0\\nCode: 00 00 00 41 80 fc 01 0f 84 82 00 00 00 ba 06 00 00 00 bd 06 00 00 00 49 8b 45 08 4d 8d 65 08 41 39 d6 73 20 83 ed 06 48 85 c0 \u003c74\u003e 67 48 89 c2 83 e2 03 48 83 fa 02 75 0c 48 3d 00 10 00 00 0f 87\\nRSP: 0018:ffffad890a34b940 EFLAGS: 00000286\\nRAX: ffff96f30b261daa RBX: ffffad890a34b9c8 RCX: 0000000000000000\\nRDX: 000000000000001e RSI: 0000000000000000 RDI: 0000000000000000\\nRBP: 0000000000000018 R08: 0000000000000000 R09: 0000000000000000\\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffad890a356868\\nR13: ffffad890a356860 R14: 0000000000000000 R15: ffffad890a356868\\nFS: 00007f5578a2a400(0000) GS:ffff97ed317e1000(0000) knlGS:0000000000000000\\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\nCR2: 00007f015c70fb18 CR3: 00000001109fd006 CR4: 0000000000f70ef0\\nPKRU: 55555554\\nCall Trace:\\n \u003cTASK\u003e\\n xas_store+0x58/0x630\\n __xa_store+0xa5/0x130\\n xa_store+0x2c/0x50\\n kvm_vm_set_mem_attributes+0x343/0x710 [kvm]\\n kvm_vm_ioctl+0x796/0xab0 [kvm]\\n __x64_sys_ioctl+0xa3/0xd0\\n do_syscall_64+0x8c/0x7a0\\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\\nRIP: 0033:0x7f5578d031bb\\nCode: ff ff ff 85 c0 79 9b 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 2d 4c 0f 00 f7 d8 64 89 01 48\\nRSP: 002b:00007ffe0a742b88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\\nRAX: ffffffffffffffda RBX: 000000004020aed2 RCX: 00007f5578d031bb\\nRDX: 00007ffe0a742c80 RSI: 000000004020aed2 RDI: 000000000000000b\\nRBP: 0000010000000000 R08: 0000010000000000 R09: 0000017680000000\\nR10: 0000000000000080 R11: 0000000000000246 R12: 00005575e5f95120\\nR13: 00007ffe0a742c80 R14: 0000000000000008 R15: 00005575e5f961e0\\n\\nWhile looping through the range of memory setting the attributes,\\ncall cond_resched() to give the scheduler a chance to run a higher\\npriority task on the runqueue if necessary and avoid staying in\\nkernel mode long enough to trigger the lockup.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: Permitir que la CPU reprograme mientras se configuran atributos de memoria por p\u00e1gina Cuando se ejecuta un invitado SEV-SNP con una cantidad de memoria suficientemente grande (1 TB+), el host puede experimentar bloqueos suaves de la CPU cuando ejecuta una operaci\u00f3n en kvm_vm_set_mem_attributes() para configurar los atributos de memoria en todo el rango de memoria del invitado. watchdog: BUG: bloqueo suave: \u00a1CPU n.\u00ba 8 bloqueada durante 26 s! [qemu-kvm:6372] CPU: 8 UID: 0 PID: 6372 Comm: qemu-kvm Kdump: cargado No contaminado 6.15.0-rc7.20250520.el9uek.rc1.x86_64 #1 PREEMPT(voluntario) Nombre del hardware: Oracle Corporation ORACLE SERVER E4-2c/Asm,MB Tray,2U,E4-2c, BIOS 78016600 13/11/2024 RIP: 0010:xas_create+0x78/0x1f0 C\u00f3digo: 00 00 00 41 80 fc 01 0f 84 82 00 00 00 ba 06 00 00 00 bd 06 00 00 00 49 8b 45 08 4d 8d 65 08 41 39 d6 73 20 83 ed 06 48 85 c0 \u0026lt;74\u0026gt; 67 48 89 c2 83 e2 03 48 83 fa 02 75 0c 48 3d 00 10 00 00 0f 87 RSP: 0018:ffffad890a34b940 EFLAGS: 00000286 RAX: ffff96f30b261daa RBX: ffffad890a34b9c8 RCX: 00000000000000000 RDX: 000000000000001e RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000018 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffad890a356868 R13: ffffad890a356860 R14: 000000000000000 R15: ffffad890a356868 FS: 00007f5578a2a400(0000) GS:ffff97ed317e1000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f015c70fb18 CR3: 00000001109fd006 CR4: 0000000000f70ef0 PKRU: 55555554 Rastreo de llamadas: xas_store+0x58/0x630 __xa_store+0xa5/0x130 xa_store+0x2c/0x50 kvm_vm_set_mem_attributes+0x343/0x710 [kvm] kvm_vm_ioctl+0x796/0xab0 [kvm] __x64_sys_ioctl+0xa3/0xd0 do_syscall_64+0x8c/0x7a0 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f5578d031bb C\u00f3digo: ff ff ff 85 c0 79 9b 49 c7 c4 ff ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 \u0026lt;48\u0026gt; 3d 01 f0 ff ff 73 01 c3 48 8b 0d 2d 4c 0f 00 f7 d8 64 89 01 48 RSP: 002b:00007ffe0a742b88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000000004020aed2 RCX: 00007f5578d031bb RDX: 00007ffe0a742c80 RSI: 000000004020aed2 RDI: 00000000000000b RBP: 000001000000000 R08: 0000010000000000 R09: 0000017680000000 R10: 0000000000000080 R11: 0000000000000246 R12: 00005575e5f95120 R13: 00007ffe0a742c80 R14: 0000000000000008 R15: 00005575e5f961e0 Mientras recorre el rango de memoria configurando los atributos, llame a cond_resched() para darle al programador la oportunidad de ejecutar una tarea de mayor prioridad en la cola de ejecuci\u00f3n si es necesario y evitar permanecer en modo kernel el tiempo suficiente para activar el bloqueo.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1ef45ae7a3938f0844032ba670b4f89180a5bffc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/47bb584237cc285e3a860b70c01f7bda9dcfb05b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d9bd1163c8d8f716f45e54d034ee28757cc85549\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…