Non-Canonical Address Handling Vulnerability in Linux Kernel Hyper-V
CVE-2025-38351

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 19 July 2025

What is CVE-2025-38351?

In the Linux kernel, a vulnerability exists in the KVM module in how Hyper-V hypercalls handle non-canonical guest virtual addresses (GVAs) during TLB flush operations. When HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST and HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST_EX are invoked, non-canonical addresses are not filtered out, which can cause the address invalidation to fail. AMD's INVLPGA instruction may ignore such malformed addresses, but Intel's INVVPID responds to them with a VM-Fail, causing operational disruptions. The proposed mitigation is to filter out non-canonical addresses before they reach critical processing stages, which improves stability and compliance with the Hyper-V specification.
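The filtering described above, shown as an added user-space C example that is not the kernel's code or its patch: it walks a flush list and drops every non-canonical page address before calling the invalidation routine. Assumptions: each entry holds a page-aligned GVA with the low 12 bits counting additional pages, the virtual address width is 48 or 57 bits, and the names `is_canonical`, `flush_gva_list` and `flush_fn` are hypothetical. It goes slightly beyond the text by checking every page of a range, so a range that starts canonical and runs into the non-canonical hole is also caught.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096ULL
#define PAGE_MASK (~(PAGE_SIZE - 1))

struct flush_stats { size_t flushed; size_t skipped; };
typedef void (*flush_fn)(uint64_t gva); /* hypothetical stand-in for the per-address invalidation */

/* Canonical: bits 63..(va_bits-1) are all copies of bit (va_bits-1). */
static bool is_canonical(uint64_t va, unsigned va_bits)
{
    uint64_t top = va >> (va_bits - 1);
    uint64_t ones = (1ULL << (64 - va_bits + 1)) - 1;
    return top == 0 || top == ones;
}

/* Assumed entry layout: bits 63:12 = page address, bits 11:0 = additional pages. */
static struct flush_stats flush_gva_list(const uint64_t *entries, size_t n,
                                         unsigned va_bits, flush_fn flush)
{
    struct flush_stats st = {0, 0};
    for (size_t i = 0; i < n; i++) {
        uint64_t gva = entries[i] & PAGE_MASK;
        uint64_t pages = (entries[i] & ~PAGE_MASK) + 1;
        for (uint64_t j = 0; j < pages; j++) {
            uint64_t addr = gva + j * PAGE_SIZE;
            if (!is_canonical(addr, va_bits)) { st.skipped++; continue; }
            if (flush)
                flush(addr);    /* only canonical addresses get this far */
            st.flushed++;
        }
    }
    return st;
}

static const uint64_t sample_entries[] = {  /* constructed sample list */
    0x00007F0000001002ULL,  /* canonical, 3 pages */
    0x0000800000000000ULL,  /* non-canonical with 48-bit addresses */
    0x00007FFFFFFFF001ULL,  /* 2 pages, second one is non-canonical */
    0xFFFF800000000000ULL,  /* canonical upper half */
};

int main(void)
{
    struct flush_stats s = flush_gva_list(sample_entries, 4, 48, NULL);
    printf("flushed=%zu skipped=%zu\n", s.flushed, s.skipped);
    return 0;
}
```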

Affected Version(s)

Linux 260970862c88b4130e9e12be023c7e2c2d37a966 < 2d4dea3f76510c0afe3f18c910f647b816f7d566

Linux 260970862c88b4130e9e12be023c7e2c2d37a966

Linux 6.2
