Main Vulnerability Database SB20251028112

SB20251028112 - Improper locking in Linux kernel kvm svm

Published: October 28, 2025

Security Bulletin ID SB20251028112

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper locking (CVE-ID: CVE-2025-40038)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the svm_vcpu_pre_run() function in arch/x86/kvm/svm/svm.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/0910dd7c9ad45a2605c45fd2bf3d1bcac087687c
https://git.kernel.org/stable/c/cd3efb93677c4b0cf76348882fb429165fee33fd
https://git.kernel.org/stable/c/da2a3c231f7f2a5ac146d972b8c1d7d84aff6d70
https://git.kernel.org/stable/c/f994e9c790ce97d3cf01af4d0a1b9add0c955aee