Linux Kernel Live Migration Vulnerability in hisi_acc_vfio_pci Component

Vulnerability

A vulnerability has been identified in the Linux kernel's live migration function for the hisi_acc_vfio_pci component. When the Virtual Function (VF) device driver is not loaded in the Guest Operating System, attempting to perform device data migration can lead to a null address reference. This null pointer dereference causes access errors during the live migration recovery operation on the destination side. Consequently, live migration of virtual machines without the VF device drivers does not require device data migration. Additionally, if the queue address data received by the destination is empty, the device queue recovery process will be skipped.

Impact

The vulnerability can lead to null pointer dereferences, causing access errors during live migration recovery operations.

Added: Jul 10, 2025, 9:39 AM

Updated: Jul 10, 2025, 9:39 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

4.0

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

4.0

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Live Migration Vulnerability in hisi_acc_vfio_pci Component

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating