SB2025072770 - Input validation error in Linux kernel kvm svm
Published: July 27, 2025
Security Bulletin ID
SB2025072770
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2025-38455)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sev_check_source_vcpus() function in arch/x86/kvm/svm/sev.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/8c8e8d4d7544bb783e15078eda8ba2580e192246
- https://git.kernel.org/stable/c/b5725213149597cd9c2b075b87bc4e0f87e906c1
- https://git.kernel.org/stable/c/e0d9a7cf37ca09c513420dc88e0d0e805a4f0820
- https://git.kernel.org/stable/c/ecf371f8b02d5e31b9aa1da7f159f1b2107bdb01
- https://git.kernel.org/stable/c/fd044c99d831e9f837518816c7c366b04014d405