KVM Vulnerability in Linux Kernel Affects Virtual CPU Management
CVE-2024-58083

7.8 HIGH

Key Information:

Vendor: Linux

CVE Published: 6 March 2025

What is CVE-2024-58083?

The vulnerability is in KVM within the Linux kernel: KVM fails to verify that the target virtual CPU (vCPU) is online before clamping its index. As a result, KVM may mistakenly provide access to a non-existent vCPU, specifically vCPU0, instead of returning NULL. This is particularly concerning because it can lead to a use-after-free condition if vCPU0 is referenced while it is not fully initialized. The vulnerability primarily affects systems where userspace or the guest misbehaves, potentially allowing erroneous interrupts to be sent to an unready vCPU, which can trigger severe integrity issues within the virtualization layer.
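
The ordering problem described above, as an added userspace C model (not kernel code and not the actual patch). The struct layout, function names and the `clamp_index` helper are hypothetical, and the model assumes a vCPU slot can be populated before the online count is raised.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_VCPUS 4

struct vcpu { int id; int initialized; };

struct vm {
    int online_vcpus;               /* vCPUs published as usable */
    struct vcpu *slots[MAX_VCPUS];  /* may be filled before going online */
};

/* Model of an anti-speculation clamp: out-of-range indexes collapse to 0.
 * It bounds the index; it does not report that the index was invalid. */
static int clamp_index(int idx, int size)
{
    return (idx >= 0 && idx < size) ? idx : 0;
}

/* Flawed order: clamp only, so a bad index silently becomes slot 0. */
static struct vcpu *get_vcpu_clamp_only(struct vm *vm, int i)
{
    i = clamp_index(i, vm->online_vcpus);
    return vm->slots[i];
}

/* Corrected order: reject offline targets first, then clamp. */
static struct vcpu *get_vcpu_checked(struct vm *vm, int i)
{
    if (i < 0 || i >= vm->online_vcpus)
        return NULL;
    i = clamp_index(i, vm->online_vcpus);
    return vm->slots[i];
}

/* Constructed state: vCPU0 is allocated but not yet online. */
static struct vcpu pending = { .id = 0, .initialized = 0 };
static struct vm demo_vm = { .online_vcpus = 0, .slots = { &pending } };

int main(void)
{
    struct vcpu *a = get_vcpu_clamp_only(&demo_vm, 3);
    struct vcpu *b = get_vcpu_checked(&demo_vm, 3);
    printf("clamp only: %s\n", a ? "returned vCPU0 (not online)" : "NULL");
    printf("checked:    %s\n", b ? "returned a vCPU" : "NULL");
    return 0;
}
```

The clamp alone bounds the array access but turns "no such vCPU" into "vCPU0", which is why the online check has to come first.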

Affected Version(s)

Linux 1d487e9bf8ba66a7174c56a0029c54b1eca8f99c < 5cce2ed69b00e022b5cdf0c49c82986abd2941a8

Linux 1d487e9bf8ba66a7174c56a0029c54b1eca8f99c < 09d50ccf0b2d739db4a485b08afe7520a4402a63

Linux 1d487e9bf8ba66a7174c56a0029c54b1eca8f99c < 7c4899239d0f70f88ac42665b3da51678d122480

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved