CVE-2025-39823
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-16

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: use array_index_nospec with indices that come from guest min and dest_id are guest-controlled indices. Using array_index_nospec() after the bounds checks clamps these values to mitigate speculative execution side-channels.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-16
Last Modified
2025-11-03
Generated
2026-06-16
AI Q&A
2025-09-16
EPSS Evaluated
2026-06-14
NVD
CVE-2025-39823
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel 5.10.244
linux linux_kernel 6.1.153
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel's KVM x86 component involves the use of guest-controlled indices (min and dest_id) without proper mitigation against speculative execution side-channel attacks. The fix applies array_index_nospec() after bounds checks to clamp these values, preventing potential speculative execution attacks that could leak sensitive information.

Impact Analysis

If exploited, this vulnerability could allow an attacker controlling a guest virtual machine to perform speculative execution side-channel attacks, potentially leaking sensitive information from the host or other guests.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-39823. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart