CVE-2025-21950

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-21950
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-21950.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-21950
Downstream
Related
Published
2025-04-01T16:15:26Z
Modified
2025-08-09T19:01:27Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl

In the "pmcmdioctl" function, three memory objects allocated by kmalloc are initialized by "hcallgetcpustate", which are then copied to user space. The initializer is indeed implemented in "acrn_hypercall2" (arch/x86/include/asm/acrn.h). There is a risk of information leakage due to uninitialized bytes.

References

Affected packages