CVE-2025-38469

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-38469

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38469.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-38469

Downstream

BELL-CVE-2025-38469

DEBIAN-CVE-2025-38469

DSA-5975-1

UBUNTU-CVE-2025-38469

Related

Published

2025-07-28T11:21:30.992Z

Modified

2025-11-20T09:57:18.874122Z

Summary

KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls

Details

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls

kvmxenschedoppoll does a kmallocarray() when a VM polls the host for more than one event channel potr (nr_ports > 1).

After the kmallocarray(), the error paths need to go through the "out" label, but the call to kvmreadguestvirt() does not.

[Adjusted commit message. - Paolo]

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

92c58965e9656dc6e682a8ffe520fac0fb256d13

Fixed

3ee59c38ae7369ad1f7b846e05633ccf0d159fab

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

92c58965e9656dc6e682a8ffe520fac0fb256d13

Fixed

fd627ac8a5cff4d45269f164b13ddddc0726f2cc

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

92c58965e9656dc6e682a8ffe520fac0fb256d13

Fixed

061c553c66bc1638c280739999224c8000fd4602

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

92c58965e9656dc6e682a8ffe520fac0fb256d13

Fixed

5a53249d149f48b558368c5338b9921b76a12f8c

Affected versions

v6.*

v6.1

v6.1-rc5

v6.1-rc6

v6.1-rc7

v6.1-rc8

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.11

v6.11-rc1

v6.11-rc2

v6.11-rc3

v6.11-rc4

v6.11-rc5

v6.11-rc6

v6.11-rc7

v6.12

v6.12-rc1

v6.12-rc2

v6.12-rc3

v6.12-rc4

v6.12-rc5

v6.12-rc6

v6.12-rc7

v6.12.1

v6.12.10

v6.12.11

v6.12.12

v6.12.13

v6.12.14

v6.12.15

v6.12.16

v6.12.17

v6.12.18

v6.12.19

v6.12.2

v6.12.20

v6.12.21

v6.12.22

v6.12.23

v6.12.24

v6.12.25

v6.12.26

v6.12.27

v6.12.28

v6.12.29

v6.12.3

v6.12.30

v6.12.31

v6.12.32

v6.12.33

v6.12.34

v6.12.35

v6.12.36

v6.12.37

v6.12.38

v6.12.39

v6.12.4

v6.12.5

v6.12.6

v6.12.7

v6.12.8

v6.12.9

v6.13

v6.13-rc1

v6.13-rc2

v6.13-rc3

v6.13-rc4

v6.13-rc5

v6.13-rc6

v6.13-rc7

v6.14

v6.14-rc1

v6.14-rc2

v6.14-rc3

v6.14-rc4

v6.14-rc5

v6.14-rc6

v6.14-rc7

v6.15

v6.15-rc1

v6.15-rc2

v6.15-rc3

v6.15-rc4

v6.15-rc5

v6.15-rc6

v6.15-rc7

v6.15.1

v6.15.2

v6.15.3

v6.15.4

v6.15.5

v6.15.6

v6.15.7

v6.16-rc1

v6.16-rc2

v6.16-rc3

v6.16-rc4

v6.16-rc5

v6.16-rc6

v6.2

v6.2-rc1

v6.2-rc2

v6.2-rc3

v6.2-rc4

v6.2-rc5

v6.2-rc6

v6.2-rc7

v6.2-rc8

v6.3

v6.3-rc1

v6.3-rc2

v6.3-rc3

v6.3-rc4

v6.3-rc5

v6.3-rc6

v6.3-rc7

v6.4

v6.4-rc1

v6.4-rc2

v6.4-rc3

v6.4-rc4

v6.4-rc5

v6.4-rc6

v6.4-rc7

v6.5

v6.5-rc1

v6.5-rc2

v6.5-rc3

v6.5-rc4

v6.5-rc5

v6.5-rc6

v6.5-rc7

v6.6

v6.6-rc1

v6.6-rc2

v6.6-rc3

v6.6-rc4

v6.6-rc5

v6.6-rc6

v6.6-rc7

v6.6.1

v6.6.10

v6.6.11

v6.6.12

v6.6.13

v6.6.14

v6.6.15

v6.6.16

v6.6.17

v6.6.18

v6.6.19

v6.6.2

v6.6.20

v6.6.21

v6.6.22

v6.6.23

v6.6.24

v6.6.25

v6.6.26

v6.6.27

v6.6.28

v6.6.29

v6.6.3

v6.6.30

v6.6.31

v6.6.32

v6.6.33

v6.6.34

v6.6.35

v6.6.36

v6.6.37

v6.6.38

v6.6.39

v6.6.4

v6.6.40

v6.6.41

v6.6.42

v6.6.43

v6.6.44

v6.6.45

v6.6.46

v6.6.47

v6.6.48

v6.6.49

v6.6.5

v6.6.50

v6.6.51

v6.6.52

v6.6.53

v6.6.54

v6.6.55

v6.6.56

v6.6.57

v6.6.58

v6.6.59

v6.6.6

v6.6.60

v6.6.61

v6.6.62

v6.6.63

v6.6.64

v6.6.65

v6.6.66

v6.6.67

v6.6.68

v6.6.69

v6.6.7

v6.6.70

v6.6.71

v6.6.72

v6.6.73

v6.6.74

v6.6.75

v6.6.76

v6.6.77

v6.6.78

v6.6.79

v6.6.8

v6.6.80

v6.6.81

v6.6.82

v6.6.83

v6.6.84

v6.6.85

v6.6.86

v6.6.87

v6.6.88

v6.6.89

v6.6.9

v6.6.90

v6.6.91

v6.6.92

v6.6.93

v6.6.94

v6.6.95

v6.6.96

v6.6.97

v6.6.98

v6.6.99

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

Database specific

vanir_signatures

[
    {
        "id": "CVE-2025-38469-1ca0a06a",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3ee59c38ae7369ad1f7b846e05633ccf0d159fab",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "arch/x86/kvm/xen.c"
        },
        "digest": {
            "line_hashes": [
                "326226629362461521244279119879792414613",
                "25104891393114282276440330983344754128",
                "258394514809328077236910443114321970813",
                "246238698513806407784780679024262738301"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2025-38469-914a2299",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fd627ac8a5cff4d45269f164b13ddddc0726f2cc",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "kvm_xen_schedop_poll",
            "file": "arch/x86/kvm/xen.c"
        },
        "digest": {
            "length": 1991.0,
            "function_hash": "336051885364550881164050746240261569562"
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2025-38469-98ae8716",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3ee59c38ae7369ad1f7b846e05633ccf0d159fab",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "kvm_xen_schedop_poll",
            "file": "arch/x86/kvm/xen.c"
        },
        "digest": {
            "length": 1991.0,
            "function_hash": "336051885364550881164050746240261569562"
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2025-38469-a9ccd20d",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fd627ac8a5cff4d45269f164b13ddddc0726f2cc",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "arch/x86/kvm/xen.c"
        },
        "digest": {
            "line_hashes": [
                "326226629362461521244279119879792414613",
                "25104891393114282276440330983344754128",
                "258394514809328077236910443114321970813",
                "246238698513806407784780679024262738301"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line"
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.100

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.40

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.15.8