Linux Kernel Vulnerability in vhost-scsi of QEMU
CVE-2025-38074

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
18 June 2025

What is CVE-2025-38074?

A vulnerability in the vhost-scsi subsystem of the Linux kernel allows access to the vq->log_base when vq->log_used is improperly managed. This can result in invalid memory writes to QEMU userspace due to improper synchronization mechanisms. The issue arises when configurations from QEMU disable vq->log_used while the completion path attempts to log memory operations. Such a flaw can be exploited when the control queue path handles vq->log_base, permitting attackers to potentially corrupt memory and lead to system instability. Systems running QEMU should be updated to the latest version to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 057cbf49a1f08297877e46c82f707b1bfea806a8 < 80cf68489681c165ded460930e391b1eb37b5f6f

Linux 057cbf49a1f08297877e46c82f707b1bfea806a8 < 8312a1ccff1566f375191a89b9ba71b6eb48a8cd

Linux 057cbf49a1f08297877e46c82f707b1bfea806a8 < 59614c5acf6688f7af3c245d359082c0e9e53117

References

https://git.kernel.org/stable/c/80cf68489681c165ded460930...
https://git.kernel.org/stable/c/8312a1ccff1566f375191a89b...
https://git.kernel.org/stable/c/59614c5acf6688f7af3c245d3...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.