Linux Kernel KVM Xen Timer Initialization Vulnerability Causes ODEBUG Crash

Vulnerability

A vulnerability in the Linux kernel's KVM (Kernel-based Virtual Machine) component for Xen virtualization has been addressed. The issue arose because the Xen timer was being initialized multiple times without checking if it was already set, leading to an ODEBUG crash. This crash occurred when the virtual CPU's Xen timer was already active, causing a debug object initialization error. The vulnerability was introduced because the timer initialization function was called every time a specific KVM attribute was set, without verifying the timer's previous state.

Impact

The vulnerability could lead to a crash of the virtual CPU due to a double initialization of the Xen timer, causing a debug object error.

Added: Jun 18, 2025, 1:00 PM

Updated: Jun 18, 2025, 1:00 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel KVM Xen Timer Initialization Vulnerability Causes ODEBUG Crash

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating