SB20250916398 - Input validation error in Linux kernel x86 kvm
Published: September 16, 2025
Security Bulletin ID
SB20250916398
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2025-40300)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vcpu_enter_guest() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/15006289e5c38b2a830e1fba221977a27598176c
- https://git.kernel.org/stable/c/2f4f2f8f860cb4c3336a7435ebe8dcfded0c9c6e
- https://git.kernel.org/stable/c/2f8f173413f1cbf52660d04df92d0069c4306d25
- https://git.kernel.org/stable/c/34e5667041050711a947e260fc9ebebe08bddee5
- https://git.kernel.org/stable/c/459274c77b37ac63b78c928b4b4e748d1f9d05c8
- https://git.kernel.org/stable/c/510603f504796c3535f67f55fb0b124a303b44c8
- https://git.kernel.org/stable/c/893387c18612bb452336a5881da0d015a7e8f4a2
- https://git.kernel.org/stable/c/9c23a90648e831d611152ac08dbcd1283d405e7f
- https://git.kernel.org/stable/c/ac60717f9a8d21c58617d0b34274babf24135835
- https://git.kernel.org/stable/c/c08192b5d6730a914dee6175bc71092ee6a65f14
- https://git.kernel.org/stable/c/d5490dfa35427a2967e00a4c7a1b95fdbc8ede34
- https://git.kernel.org/stable/c/d7ddc93392e4a7ffcccc86edf6ef3e64c778db52
- https://git.kernel.org/stable/c/f866eef8d1c65504d30923c3f14082ad294d0e6d