CVE-2025-37936
📋 TL;DR
A Linux kernel vulnerability in KVM's handling of PEBS (Precise Event Based Sampling) performance monitoring allows a guest VM to crash when PEBS is unexpectedly enabled. This occurs when the kernel incorrectly enables PEBS for guest-only events, causing page faults. Affects Linux systems running KVM virtualization with Intel CPUs.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Guest VM crashes due to infinite page faults, causing denial of service to virtualized workloads.
Likely Case
Guest VM instability or crashes when using performance monitoring tools like 'perf kvm top' with older versions.
If Mitigated
No impact if PEBS is not used in guest VMs or if proper patching is applied.
🎯 Exploit Status
Exploitation requires local access to the host system and ability to configure guest VM performance monitoring. Primarily a denial of service issue.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits 160153cf9e4aa875ad086cc094ce34aac8e13d63 through 86aa62895fc2fb7ab09d7ca40fae8ad09841f66b
Vendor Advisory: https://git.kernel.org/stable/c/160153cf9e4aa875ad086cc094ce34aac8e13d63
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable PEBS in guest VMs
linuxPrevent guest VMs from using PEBS performance monitoring
echo 0 > /sys/module/kvm_intel/parameters/enable_pebs
Avoid perf kvm commands
linuxDo not use 'perf kvm' commands that trigger PEBS events in guests
🧯 If You Can't Patch
- Disable PEBS entirely on KVM hosts by setting kernel parameter 'enable_pebs=0'
- Monitor guest VM stability and avoid performance monitoring tools that use PEBS
🔍 How to Verify
Check if Vulnerable:
Check if running affected kernel version and if KVM with Intel CPU is enabled: 'uname -r' and 'lsmod | grep kvm'Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits: 'uname -r' and check kernel changelog for PEBS fixes📡 Detection & Monitoring
Log Indicators:
- Guest VM crashes with page fault errors
- Kernel logs showing PEBS-related errors
- Performance monitoring tool failures
Network Indicators:
- None - local system issue only
SIEM Query:
Search for: 'page fault' AND 'PEBS' OR 'kvm' AND 'crash' in system logs🔗 References
- https://git.kernel.org/stable/c/160153cf9e4aa875ad086cc094ce34aac8e13d63
- https://git.kernel.org/stable/c/34b6fa11431aef71045ae5a00d90a7d630597eda
- https://git.kernel.org/stable/c/44ee0afc9d1e7a7c1932698de01362ed80cfc4b5
- https://git.kernel.org/stable/c/58f6217e5d0132a9f14e401e62796916aa055c1b
- https://git.kernel.org/stable/c/86aa62895fc2fb7ab09d7ca40fae8ad09841f66b
- https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html
