Virtual Device Reset Issue in Linux Kernel Affects QEMU Operations
CVE-2025-38064
What is CVE-2025-38064?
A vulnerability in the Linux kernel affects how virtio devices are handled during shutdown. The virtio-console driver continues to write to the MMIO area even after the associated virtio-pci device has been reset, which leads to invalid memory accesses and hangs during kexec operations in virtual machines. Because some virtual devices may remain active, the IOMMU can also report errors when they access guest memory incorrectly. The recommended mitigation is to break all virtio devices on virtio bus shutdown, which ensures a clean reset, prevents resources from conflicting, and improves overall system stability.
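The shutdown ordering described above, as an added example that is not part of the original advisory or the kernel source: a constructed C model in which `vdev_model`, `driver_write`, `bus_shutdown` and `late_invalid_accesses` are hypothetical names. It counts driver writes that reach MMIO after the transport reset, with and without breaking the devices first.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model, not kernel code: one virtio device on the virtio bus. */
struct vdev_model {
    bool transport_reset;   /* underlying virtio-pci device has been reset */
    bool broken;            /* marked broken: driver I/O must be refused */
    int  invalid_accesses;  /* MMIO writes that arrived after the reset */
};

/* Driver I/O path (think of a console write). Returns false if refused. */
static bool driver_write(struct vdev_model *d)
{
    if (d->broken)
        return false;           /* stopped before touching MMIO */
    if (d->transport_reset)
        d->invalid_accesses++;  /* the late write described in the advisory */
    return true;
}

/* Bus shutdown: optionally break every device first, then reset them all. */
static void bus_shutdown(struct vdev_model *devs, int n, bool break_first)
{
    for (int i = 0; i < n; i++)
        devs[i].broken = break_first;
    for (int i = 0; i < n; i++)
        devs[i].transport_reset = true;
}

/* Shut down a 3-device bus, let each driver try one late write, count bad accesses. */
static int late_invalid_accesses(bool break_first)
{
    struct vdev_model bus[3] = {0};
    int bad = 0;

    bus_shutdown(bus, 3, break_first);
    for (int i = 0; i < 3; i++) {
        driver_write(&bus[i]);
        bad += bus[i].invalid_accesses;
    }
    return bad;
}

int main(void)
{
    printf("reset only:       %d invalid accesses\n", late_invalid_accesses(false));
    printf("break then reset: %d invalid accesses\n", late_invalid_accesses(true));
    return 0;
}
```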
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8bd2fa086a04886798b505f28db4002525895203
Linux 6.14.9 <= 6.14.*