Xen Timer Initialization Flaw in Linux Kernel Affects KVM by Linux Foundation
CVE-2022-50227

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
18 June 2025

What is CVE-2022-50227?

CVE-2022-50227 is a Linux kernel vulnerability in the KVM module, which fails to initialize the Xen timer properly. The function kvm_xen_init_timer() is invoked multiple times without any check, which can lead to crashes when the vCPU's Xen timer is already set. The result can be application instability caused by ODEBUG assertions during timer initialization. To mitigate the issue, the implementation should check whether a Xen timer already exists before initializing a new one, which improves the overall stability and functionality of KVM virtualization.
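The double-initialization pattern and the guard described above, as an added userspace model (not kernel code and not the upstream patch). The struct layout, the model_* and set_timer_* names, and the use of the callback pointer as the "timer already exists" test are assumptions made for illustration.

```c
#include <stdio.h>

/* Constructed userspace model of a vCPU timer; not the kernel's structures. */
enum timer_state { T_NONE, T_INIT, T_ACTIVE };
struct model_timer {
    enum timer_state state;
    void (*function)(struct model_timer *);
    long expires;
};
struct model_vcpu { struct model_timer xen_timer; int odebug_hits; };

static void xen_timer_cb(struct model_timer *t) { (void)t; }

/* Stand-in for kvm_xen_init_timer(). Re-initializing a timer that is
 * already armed is the condition an ODEBUG-style check asserts on. */
static void model_init_timer(struct model_vcpu *v)
{
    if (v->xen_timer.state == T_ACTIVE)
        v->odebug_hits++;               /* models the ODEBUG assertion */
    v->xen_timer.state = T_INIT;        /* the armed state is wiped */
    v->xen_timer.function = xen_timer_cb;
    v->xen_timer.expires = 0;
}

static void model_arm(struct model_vcpu *v, long expires)
{
    v->xen_timer.expires = expires;
    v->xen_timer.state = T_ACTIVE;
}

/* "Before": every set-timer request initializes unconditionally. */
static void set_timer_unguarded(struct model_vcpu *v, long expires)
{
    model_init_timer(v);
    model_arm(v, expires);
}

/* "After": initialize only if no timer exists yet (assumed check). */
static void set_timer_guarded(struct model_vcpu *v, long expires)
{
    if (!v->xen_timer.function)
        model_init_timer(v);
    model_arm(v, expires);
}

/* Issue `calls` set-timer requests; return how many assertions fired. */
int run_model(int guarded, int calls)
{
    struct model_vcpu v = {0};
    for (int i = 0; i < calls; i++)
        (guarded ? set_timer_guarded : set_timer_unguarded)(&v, 100 + i);
    return v.odebug_hits;
}

int main(void)
{
    printf("unguarded=%d guarded=%d\n", run_model(0, 3), run_model(1, 3));
    return 0;
}
```
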

Affected Version(s)

Linux 536395260582be7443b0b35b0bbb89ffe3947f62 < 9a9b5771e930f408c3419799000f76a9abaf2278

Linux 536395260582be7443b0b35b0bbb89ffe3947f62

Linux 5.19
