CVE-2025-38469
BaseFortify
Publication date: 2025-07-28
Last updated on: 2025-11-19
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | 6.2 |
| linux | linux_kernel | 6.2 |
| linux | linux_kernel | 6.2 |
| linux | linux_kernel | 6.2 |
| linux | linux_kernel | 6.2 |
| linux | linux_kernel | 6.2 |
| linux | linux_kernel | 6.2 |
| linux | linux_kernel | 6.2 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's KVM component for x86/xen virtualization. It involves incorrect cleanup logic in the emulation of Xen schedop poll hypercalls. Specifically, when a virtual machine polls the host for more than one event channel port, the function kvm_xen_schedop_poll allocates memory using kmalloc_array(). However, if an error occurs after this allocation, the error handling does not properly follow the cleanup path labeled "out" after calling kvm_read_guest_virt(), potentially leading to improper resource cleanup.
How can this vulnerability impact me? :
The vulnerability could lead to improper cleanup of allocated memory during certain hypercall operations in virtualized environments using KVM with Xen. This might cause resource leaks or instability in the host or guest virtual machines, potentially affecting system reliability or performance.