Buffer Overflow Vulnerability in Linux Kernel Affecting KVM Functions
CVE-2025-39704
Currently unrated
What is CVE-2025-39704?
A vulnerability exists in the Kernel-based Virtual Machine (KVM) code of the Linux kernel, specifically within the send_ipi_data() function. Improper buffer size handling for the parameter *val, which is expected to be at least 8 bytes, can lead to stack corruption when CONFIG_STACKPROTECTOR is enabled. Functions such as loongarch_ipi_readl() and kvm_eiointc_read() may write past the end of an undersized buffer, triggering a kernel panic and allowing exploitation. Immediate patching is recommended to mitigate this risk.
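The size mismatch described above, modelled in user space as an added example (not kernel code and not part of the original advisory). It assumes the read handler always stores 8 bytes regardless of the requested length; model_read, frame_small, frame_wide and the guard word are hypothetical names standing in for the emulation function, the caller's stack frame and the stack-protector canary.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CANARY 0xC0FFEE11u   /* constructed guard value for this model */

/* Hypothetical stand-in for an emulated-register read handler: it always
 * stores a sign-extended 8-byte value, whatever len the caller asked for. */
static void model_read(void *val, int len, int32_t reg)
{
    int64_t wide = reg;               /* sign extension to 64 bits */
    (void)len;                        /* len is ignored: the root of the bug */
    memcpy(val, &wide, sizeof(wide));
}

/* Models of the caller's stack frame: the buffer followed by a guard word. */
struct frame_small { uint32_t val; uint32_t guard; };  /* 4-byte buffer */
struct frame_wide  { uint64_t val; uint32_t guard; };  /* 8-byte buffer */

/* "Before": 4-byte buffer. Returns 1 if the guard word survived the read. */
int guard_intact_small(int32_t reg)
{
    struct frame_small f = { 0, CANARY };
    model_read(&f, 4, reg);           /* the 8-byte store covers val AND guard */
    return f.guard == CANARY;
}

/* "After": the buffer is 8 bytes, so the same store stays inside it. */
int guard_intact_wide(int32_t reg)
{
    struct frame_wide f = { 0, CANARY };
    model_read(&f, 4, reg);
    return f.guard == CANARY;
}

int main(void)
{
    printf("4-byte buffer, guard intact: %d\n", guard_intact_small(-1));
    printf("8-byte buffer, guard intact: %d\n", guard_intact_wide(-1));
    return 0;
}
```

The store is done through a pointer to the whole struct so the model stays within defined behaviour; in the kernel the overwritten neighbour is the stack canary, which is why the failure surfaces as a stack-protector panic.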
Affected Version(s)
Linux daee2f9cae5510ba1bd9eed6b0cf0ca8dc276118
Linux daee2f9cae5510ba1bd9eed6b0cf0ca8dc276118 < 5c68549c81bcca70fc464e305ffeefd9af968287
Linux 6.13