Linux Kernel KVM SMM Vulnerability Leading to Out-of-Bound Memory Access

Vulnerability

A vulnerability in the Linux kernel's KVM (Kernel-based Virtual Machine) component has been identified, specifically related to the handling of System Management Mode (SMM) images. On 64-bit hosts, if the guest does not support long mode, KVM accesses 16 general-purpose registers (GPRs) in a 32-bit SMM image, leading to out-of-bounds memory access. Conversely, on 32-bit hosts, the relevant state-saving functions are not compiled, preventing such overflow issues.

Impact

Exploitation of this vulnerability causes out-of-bounds memory access, which can lead to undefined behavior, including potential memory corruption or information disclosure.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel KVM SMM Vulnerability Leading to Out-of-Bound Memory Access

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating