Emulation Logic Flaw in Linux Kernel for KVM on Xen Platforms
CVE-2025-38469

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 28 July 2025

What is CVE-2025-38469?

A vulnerability in the Linux kernel affects the KVM on Xen platforms, where the cleanup logic during the emulation of Xen schedop poll hypercalls can lead to improper handling of array memory allocation. Specifically, when a virtual machine polls the host for multiple event channels, the memory allocation via kmalloc_array() may not properly clean up error paths, which could lead to potential stability issues in managed virtual machines.

Affected Version(s)

Linux 92c58965e9656dc6e682a8ffe520fac0fb256d13 < 3ee59c38ae7369ad1f7b846e05633ccf0d159fab

Linux 92c58965e9656dc6e682a8ffe520fac0fb256d13

Linux 92c58965e9656dc6e682a8ffe520fac0fb256d13 < 061c553c66bc1638c280739999224c8000fd4602

References

https://git.kernel.org/stable/c/3ee59c38ae7369ad1f7b846e0...

https://git.kernel.org/stable/c/fd627ac8a5cff4d45269f164b...

https://git.kernel.org/stable/c/061c553c66bc1638c28073999...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2025
Vulnerability Reserved
Apr 16, 2025