Linux Kernel KVM SVM Out-of-Bounds Guest IRQ Handling Vulnerability Leading to Panic

Vulnerability

A vulnerability in the Linux kernel's KVM (Kernel-based Virtual Machine) SVM (Secure Virtual Machine) module has been identified, where improper handling of guest IRQs (interrupt requests) can lead to a kernel panic. This issue arises from the KVM_IRQFD API, which, when mismanaged, causes a crash in the 'svm_update_pi_irte' function due to out-of-bounds access. The problem has been addressed by modifying the IRQ handling to prevent such crashes.

Impact

Exploitation of this vulnerability causes a kernel panic, leading to a crash of the affected virtual machine.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel KVM SVM Out-of-Bounds Guest IRQ Handling Vulnerability Leading to Panic

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating