Intra-host Migration Vulnerability in Linux Kernel Affecting KVM Virtual Machines
CVE-2025-38455

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-38455?

A vulnerability in the Linux kernel's KVM module can cause a crash during intra-host migration of virtual machines when vCPU creation is in-flight. This occurs due to a race condition, where the SEV-ES state might be incorrectly set while managing multiple vCPUs. If the source or destination VM is creating a vCPU, the migration mechanism can fail, leading to issues such as a NULL VMSA page error. This can degrade the reliability and stability of virtual machines configured with SEV-ES, posing risks to data integrity.

Affected Version(s)

Linux b56639318bb2be66aceba92836279714488709b4

Linux b56639318bb2be66aceba92836279714488709b4 < 8c8e8d4d7544bb783e15078eda8ba2580e192246

Linux b56639318bb2be66aceba92836279714488709b4

References

https://git.kernel.org/stable/c/e0d9a7cf37ca09c513420dc88...

https://git.kernel.org/stable/c/8c8e8d4d7544bb783e15078ed...

https://git.kernel.org/stable/c/fd044c99d831e9f837518816c...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Apr 16, 2025