Security Flaw in Linux Kernel Affecting KVM Guest Memory Management
CVE-2025-38396

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-38396?

A vulnerability present in the Linux Kernel affects KVM guest memory management, specifically regarding the handling of anonymous inodes. The issue arises from an improper security context initialization, allowing for security checks to be potentially bypassed. This vulnerability particularly impacts the secret memory (secretmem) functionality, where the S_PRIVATE flag was not correctly cleared post-inode allocation. The introduced fixes ensure that the function responsible for creating secure anonymous inodes exports the necessary symbols, thus reinforcing the security framework surrounding guest memory operations.

Affected Version(s)

Linux 2bfe15c5261212130f1a71f32a300bcf426443d4 < 66d29d757c968d2bee9124816da5d718eb352959

Linux 2bfe15c5261212130f1a71f32a300bcf426443d4

References

https://git.kernel.org/stable/c/66d29d757c968d2bee9124816...

https://git.kernel.org/stable/c/e3eed01347721cd7a88195681...

https://git.kernel.org/stable/c/f94c422157f3e43dd31990567...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Apr 16, 2025