Linux Kernel SGX Vulnerability Affecting Page Reclamation Process

CVE-2025-38334

What is CVE-2025-38334?

An issue in the Linux kernel impacts the SGX (Software Guard Extensions) page reclamation process, allowing attempts to reclaim poisoned pages. This can lead to severe system instability, including kernel panics and unexpected core shutdowns. Specifically, the reclaimer logic fails to check the poisoned status of an EPC (Enclave Page Cache) page before attempting to reclaim it, which may cause the executing core to enter a shutdown state during microcode operations. Proper handling of poisoned pages, including the implementation of sgx_unmark_page_reclaimable(), is essential to prevent these vulnerabilities and safeguard system stability during memory errors. This vulnerability underscores the need for rigorous memory management in high-security environments.

References