CVE-2025-38506
📋 TL;DR
A denial-of-service vulnerability in the Linux kernel's KVM hypervisor allows attackers to cause CPU soft lockups when running SEV-SNP guests with large memory allocations (1TB+). This affects Linux systems using KVM virtualization with AMD SEV-SNP enabled, potentially causing host instability and service disruption.
💻 Affected Systems
- Linux Kernel KVM module
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Complete host CPU lockup requiring hard reboot, causing downtime for all VMs on the affected host.
Likely Case
Host becomes unresponsive or experiences severe performance degradation when specific memory operations are performed on large SEV-SNP guests.
If Mitigated
Minor performance impact with proper scheduling, no security bypass or data compromise.
🎯 Exploit Status
Exploitation requires KVM management privileges and ability to create/configure large SEV-SNP guests. Not a remote code execution or privilege escalation vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in kernel commits: 1ef45ae7a3938f0844032ba670b4f89180a5bffc, 47bb584237cc285e3a860b70c01f7bda9dcfb05b, d9bd1163c8d8f716f45e54d034ee28757cc85549
Vendor Advisory: https://git.kernel.org/stable/c/1ef45ae7a3938f0844032ba670b4f89180a5bffc
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix.
2. Check kernel version with 'uname -r'.
3. Reboot system after kernel update.
4. Verify fix by checking kernel version matches patched release.
🔧 Temporary Workarounds
Limit SEV-SNP guest memory
Configure SEV-SNP guests with less than 1TB of memory to avoid triggering the soft lockup condition.
# Configure VM with less than 1TB RAM in libvirt/qemu configuration
Disable SEV-SNP for large guests
Use standard encryption or no encryption for guests requiring large memory allocations.
# Disable SEV-SNP in VM configuration: <sev> section removal or <policy>0</policy>
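An added example (not part of the original advisory) that audits libvirt domain XML for the combination these workarounds target: SEV-SNP launch security together with 1TB or more of guest memory. It assumes libvirt's `<launchSecurity type='sev-snp'>` element and reads the advisory's "1TB" as 1 TiB; the sample domains are constructed.

```python
import xml.etree.ElementTree as ET

# libvirt memory units -> bytes; KiB is libvirt's default when unit is absent.
UNIT_BYTES = {
    "b": 1, "bytes": 1, "KB": 10**3, "k": 2**10, "KiB": 2**10,
    "MB": 10**6, "M": 2**20, "MiB": 2**20, "GB": 10**9, "G": 2**30,
    "GiB": 2**30, "TB": 10**12, "T": 2**40, "TiB": 2**40,
}
LIMIT_BYTES = 2**40  # assumption: the advisory's "1TB" read as 1 TiB


def audit_domain(xml_text, limit_bytes=LIMIT_BYTES):
    """Flag a domain that is SEV-SNP and sized at or above the limit.

    Input is expected to be trusted `virsh dumpxml` output from your own host.
    """
    dom = ET.fromstring(xml_text)
    sec = dom.find("launchSecurity")
    sev_snp = sec is not None and sec.get("type") == "sev-snp"
    sizes = []
    for tag in ("memory", "maxMemory"):  # maxMemory covers hotplug ceilings
        el = dom.find(tag)
        if el is not None and el.text:
            sizes.append(int(el.text.strip()) * UNIT_BYTES[el.get("unit", "KiB")])
    mem = max(sizes, default=0)
    return {
        "name": dom.findtext("name", default="(unnamed)"),
        "sev_snp": sev_snp,
        "memory_bytes": mem,
        "at_risk": sev_snp and mem >= limit_bytes,
    }


# Constructed, trimmed sample domains (not taken from the advisory).
BIG_SNP = """<domain type='kvm'><name>db-large</name>
  <memory unit='GiB'>1536</memory>
  <launchSecurity type='sev-snp'/>
</domain>"""
SMALL_SNP = """<domain type='kvm'><name>web-small</name>
  <memory unit='KiB'>67108864</memory>
  <launchSecurity type='sev-snp'/>
</domain>"""
BIG_PLAIN = """<domain type='kvm'><name>cache-plain</name>
  <memory unit='TiB'>2</memory>
</domain>"""

if __name__ == "__main__":
    for xml_doc in (BIG_SNP, SMALL_SNP, BIG_PLAIN):
        print(audit_domain(xml_doc))
```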
🧯 If You Can't Patch
- Monitor host CPU usage and watch for soft lockup messages in kernel logs
- Implement strict access controls to KVM management interfaces
🔍 How to Verify
Check if Vulnerable:
Check kernel version with 'uname -r' and verify if running vulnerable version with SEV-SNP enabled. Check dmesg for soft lockup messages during large memory operations.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is updated beyond vulnerable versions. Test with large SEV-SNP guest memory operations and monitor for soft lockups.
📡 Detection & Monitoring
Log Indicators:
- kernel: watchdog: BUG: soft lockup - CPU# stuck for
- kernel: qemu-kvm process stuck in kvm_vm_set_mem_attributes
- kernel: CPU soft lockup messages with KVM/SEV-SNP context
Network Indicators:
- None - this is a local host vulnerability
SIEM Query:
source="kernel" AND "soft lockup" AND ("qemu-kvm" OR "KVM" OR "SEV-SNP")
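An added example (not part of the original advisory) of the log indicators above as detection logic: it finds soft lockup headers in kernel log lines and marks an event as KVM-related only when `kvm_vm_set_mem_attributes` appears in the trace that follows. The log lines are constructed, and the 40-line trace window is an assumption.

```python
import re

# Header the kernel watchdog prints, e.g. "... CPU#12 stuck for 26s! [qemu-kvm:8734]"
LOCKUP = re.compile(
    r"watchdog: BUG: soft lockup - CPU#(\d+) stuck for (\d+)s! \[(.+):(\d+)\]"
)
KVM_FRAME = re.compile(r"\bkvm_vm_set_mem_attributes\b")


def find_kvm_lockups(lines, window=40):
    """Return one dict per soft lockup, with kvm_mem_attr set when the
    following trace (up to `window` lines) names kvm_vm_set_mem_attributes."""
    events = []
    for i, line in enumerate(lines):
        m = LOCKUP.search(line)
        if not m:
            continue
        trace = []
        for follow in lines[i + 1 : i + 1 + window]:
            if LOCKUP.search(follow):
                break  # next event starts; do not borrow its frames
            trace.append(follow)
        events.append({
            "cpu": int(m.group(1)),
            "stuck_seconds": int(m.group(2)),
            "comm": m.group(3),
            "pid": int(m.group(4)),
            "kvm_mem_attr": any(KVM_FRAME.search(t) for t in trace),
        })
    return events


# Constructed sample log lines (not captured from a real host).
SAMPLE_LOG = """\
kernel: watchdog: BUG: soft lockup - CPU#12 stuck for 26s! [qemu-kvm:8734]
kernel: Call Trace:
kernel:  xas_store+0x58/0x630
kernel:  kvm_vm_set_mem_attributes+0x1f4/0x440 [kvm]
kernel:  kvm_vm_ioctl+0x796/0xab0 [kvm]
kernel: watchdog: BUG: soft lockup - CPU#3 stuck for 22s! [kworker/3:1:411]
kernel: Call Trace:
kernel:  example_driver_poll+0x10/0x20
""".splitlines()

if __name__ == "__main__":
    for event in find_kvm_lockups(SAMPLE_LOG):
        print(event)
```

Alerting only on events with `kvm_mem_attr` set separates this issue from unrelated soft lockups on the same host.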