Linux Kernel Virtio Device Shutdown Vulnerability Causes Invalid Memory Accesses

Vulnerability

A vulnerability in the Linux kernel's handling of virtio devices can lead to invalid memory accesses and hangs during the kexec process in a virtual machine. This issue arises because the virtio-console continues to write to the memory-mapped I/O (MMIO) after the associated virtio-pci device has been reset. The problem is exacerbated by the fact that IOMMUs are reset before the devices, causing some devices to become unresponsive. The vulnerability has been addressed by ensuring that all virtio devices are properly reset during the shutdown process.

Impact

The vulnerability can cause hangs in virtual machines during the kexec process, along with invalid memory accesses that are rejected, leading to potential memory management issues.

Added: Jun 18, 2025, 10:51 AM

Updated: Jun 18, 2025, 10:51 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Virtio Device Shutdown Vulnerability Causes Invalid Memory Accesses

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating