Linux Kernel KVM Race Condition Vulnerability in gfn_to_pfn_cache Initialization

Vulnerability

A race condition has been identified in the Linux kernel's KVM (Kernel-based Virtual Machine) module, in the Xen HVM emulation path. The gfn_to_pfn_cache (gpc) initialization helper also (re)initializes the cache's locks each time it is called, so a caller that is already holding one of those locks can have it reset underneath it. Concretely, ioctl(KVM_XEN_HVM_EVTCHN_SEND) takes the lock of the gpc that maps the guest's Xen shared_info page while another context re-initializes that same cache, and the result is a corrupted shared_info (shinfo) gpc lock. The upstream fix moves lock initialization into a dedicated helper that runs once when the VM or vCPU is created, so later cache (re)initialization never touches the locks.
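The following is an added illustration, not code from the Linux kernel or from this advisory's source. It models the interleaving described above with a toy lock that records its holder: the vulnerable activation helper re-initializes the lock on every call (the shape of the pre-fix init path), while the fixed variant initializes locks once at object creation and only updates the cached mapping afterwards. The struct names, the second ioctl standing in for "whatever re-initializes the cache", and the guest-physical addresses are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy stand-in for the kernel's gfn_to_pfn_cache (gpc). The real cache
 * carries a rwlock and a mutex; one lock with an owner id is enough to
 * show why re-initialising a live lock corrupts it. (Constructed example.) */
struct toy_lock {
    int held;   /* 1 while some context holds the lock */
    int owner;  /* id of the holder, 0 when free */
};

struct gpc {
    struct toy_lock lock;
    uint64_t gpa;   /* guest physical address being cached */
    size_t len;
    int active;
};

static void toy_lock_init(struct toy_lock *l) { l->held = 0; l->owner = 0; }

/* try_lock fails while the lock is held, as a real lock would block/spin. */
static bool toy_try_lock(struct toy_lock *l, int who)
{
    if (l->held)
        return false;
    l->held = 1;
    l->owner = who;
    return true;
}

static void toy_unlock(struct toy_lock *l) { l->held = 0; l->owner = 0; }

/* Vulnerable pattern: the activation helper (re)initialises the lock on
 * every call, clobbering whatever state the lock is in at that moment. */
static void gpc_init_vulnerable(struct gpc *c, uint64_t gpa, size_t len)
{
    toy_lock_init(&c->lock);
    c->gpa = gpa;
    c->len = len;
    c->active = 1;
}

/* Fixed pattern: locks are initialised exactly once when the owning object
 * (VM / vCPU) is created; activation only touches the cache's contents. */
static void gpc_init_locks(struct gpc *c) { toy_lock_init(&c->lock); }

static void gpc_activate_fixed(struct gpc *c, uint64_t gpa, size_t len)
{
    c->gpa = gpa;
    c->len = len;
    c->active = 1;
}

/* Interleaving modelled (assumed, for illustration):
 *   T1  : KVM_XEN_HVM_EVTCHN_SEND takes the shinfo gpc lock to use the cache.
 *   T2  : some other ioctl re-initialises the same cache while T1 is inside.
 *   T1' : a second sender tries to take the lock while T1 still holds it.
 * Returns how many contexts ended up inside the critical section at once;
 * 1 is correct, 2 means the lock was corrupted. */
static int run_interleaving(bool fixed)
{
    struct gpc shinfo;
    int holders = 0;

    memset(&shinfo, 0, sizeof shinfo);
    if (fixed) {
        gpc_init_locks(&shinfo);                    /* once, at "VM creation" */
        gpc_activate_fixed(&shinfo, 0x1000, 4096);  /* first activation */
    } else {
        gpc_init_vulnerable(&shinfo, 0x1000, 4096); /* init also resets lock */
    }

    if (!toy_try_lock(&shinfo.lock, 1))             /* T1 takes the lock */
        return -1;
    holders++;

    if (fixed)                                      /* T2 re-activates cache */
        gpc_activate_fixed(&shinfo, 0x2000, 4096);
    else
        gpc_init_vulnerable(&shinfo, 0x2000, 4096); /* ...and wipes the lock */

    if (toy_try_lock(&shinfo.lock, 2))              /* T1' should be refused */
        holders++;

    toy_unlock(&shinfo.lock);
    return holders;
}

int main(void)
{
    printf("vulnerable path: %d simultaneous holders\n", run_interleaving(false));
    printf("fixed path:      %d simultaneous holders\n", run_interleaving(true));
    return 0;
}
```

The point the toy makes is structural: a helper that can be reached more than once per object must never own lock initialization, because the second call cannot know whether the lock is currently held. Keeping lock setup in a one-shot constructor path is the same discipline the kernel fix applies.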

Impact

A local user who can issue KVM ioctls on a VM with Xen HVM support enabled (in practice, the VMM process) can trigger the race and re-initialize a lock that another context already holds. The corrupted lock state breaks mutual exclusion around the cached shared_info mapping; the usual consequences of a corrupted kernel lock are a deadlock or a host kernel crash, i.e. denial of service for the affected VM and potentially the host. The source does not support any claim beyond lock corruption and loss of synchronization.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating (Custom Algorithm)

spread          9.0
impact          2.5
exploitability  3.5
remediation     0.0
relevance       0.0
threat          3.2
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.