Linux Kernel Hyper-V Vmbus Driver Information Disclosure Vulnerability in Isolated Guests

Vulnerability

A vulnerability in the Linux kernel's Hyper-V Vmbus driver could lead to the unintentional disclosure of guest-sensitive information. This issue arises because the 'hv_panic_page' may contain sensitive data from the guest, which is not dumped to Hyper-V by default in isolated guests. The vulnerability has been addressed by deactivating the 'sysctl_record_panic_msg' feature by default in these isolated environments.

Impact

Exploitation of this vulnerability could result in the leakage of sensitive guest information to the Hyper-V host.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.8

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.8

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Hyper-V Vmbus Driver Information Disclosure Vulnerability in Isolated Guests

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating