CVE-2025-38560
📋 TL;DR
This CVE addresses a cache coherency vulnerability in the Linux kernel's x86 Secure Encrypted Virtualization (SEV) implementation. It affects systems using AMD Secure Nested Paging (SNP), where memory validation after a page state change to private could allow information disclosure or data corruption. The vulnerability specifically impacts Linux kernel systems running on AMD EPYC processors with SEV-SNP enabled.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
An attacker with guest VM access could potentially read sensitive data from other VMs or the hypervisor through cache timing side-channels, leading to information disclosure across VM boundaries.
Likely Case
Information leakage between VMs on the same physical host, potentially exposing sensitive data from one VM to another through cache-based side-channel attacks.
If Mitigated
With proper mitigation implemented, the cache coherency issue is resolved, preventing cross-VM information leakage through this specific vulnerability vector.
🎯 Exploit Status
Exploitation requires local access to a guest VM, knowledge of cache timing attacks, and specific hardware/software configuration. No public exploits are known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 1fb873971e23c35c53823c62809a474a92bc3022 and related fixes
Vendor Advisory: https://git.kernel.org/stable/c/1fb873971e23c35c53823c62809a474a92bc3022
Restart Required: Yes
Instructions:
1. Update to a kernel version containing the fix commits.
2. For distributions: apply security updates from your vendor.
3. Reboot the system to load the new kernel.
4. Verify the fix is applied by checking kernel version or CPUID bit Fn8000001F_EBX[31].
🔧 Temporary Workarounds
Disable SEV-SNP
Disable Secure Nested Paging feature if not required, which prevents exploitation of this vulnerability
Modify kernel boot parameters to disable SEV-SNP (specific parameters vary by distribution)
🧯 If You Can't Patch
- Disable SEV-SNP feature in BIOS/UEFI settings if not required for your workload
- Isolate VMs with sensitive data on separate physical hosts to prevent cross-VM attacks
🔍 How to Verify
Check if Vulnerable:
Check if SEV-SNP is enabled and CPUID bit Fn8000001F_EBX[31] (COHERENCY_SFW_NO) is not set. Use 'cat /proc/cpuinfo | grep -i sev' and check kernel version.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version contains the fix commits or check that the mitigation is applied by examining kernel logs for SEV cache mitigation messages.
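The CPUID check named under "Check if Vulnerable", as an added example (not code from the kernel fix or from this page's source): it reads leaf 0x8000001F and reports whether the software mitigation is needed. The EAX[4] position for SEV-SNP comes from AMD's CPUID documentation rather than this page, and the verdict says whether the CPU needs the fix, not whether the running kernel carries it.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* CPUID Fn8000001F is AMD's memory-encryption leaf. EAX[4] = SEV-SNP is an
 * assumption taken from AMD's CPUID documentation; EBX[31] is the
 * COHERENCY_SFW_NO bit named on this page. */
#define SEV_LEAF             0x8000001Fu
#define EAX_SEV_SNP          (1u << 4)
#define EBX_COHERENCY_SFW_NO (1u << 31)

enum snp_verdict { SNP_NOT_ADVERTISED, SW_FIX_NEEDED, SW_FIX_NOT_NEEDED };

/* Pure decode step, so it can be checked against constructed register values. */
enum snp_verdict classify_snp(uint32_t eax, uint32_t ebx)
{
    if (!(eax & EAX_SEV_SNP))
        return SNP_NOT_ADVERTISED;
    return (ebx & EBX_COHERENCY_SFW_NO) ? SW_FIX_NOT_NEEDED : SW_FIX_NEEDED;
}

/* Returns non-zero and fills eax/ebx when the leaf exists; 0 otherwise. */
int read_sev_leaf(uint32_t *eax, uint32_t *ebx)
{
    unsigned int a = 0, b = 0, c = 0, d = 0;
    int ok = 0;
#if defined(__x86_64__) || defined(__i386__)
    ok = __get_cpuid(SEV_LEAF, &a, &b, &c, &d);
#endif
    *eax = a; *ebx = b;
    (void)c; (void)d;
    return ok;
}

int main(void)
{
    static const char *const text[] = {
        "SEV-SNP not advertised; this check does not apply",
        "COHERENCY_SFW_NO clear; kernel must carry the fix commits",
        "COHERENCY_SFW_NO set; software mitigation not needed",
    };
    uint32_t eax, ebx;
    if (!read_sev_leaf(&eax, &ebx))
        return puts("CPUID leaf 0x8000001F not available") < 0;
    printf("EAX=%#010x EBX=%#010x\n", (unsigned)eax, (unsigned)ebx);
    return puts(text[classify_snp(eax, ebx)]) < 0;
}
```

Run it in the environment whose kernel you are assessing; CPUID values seen inside a guest are those the hypervisor and firmware present to it.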
📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing SEV memory validation operations
- System logs indicating SEV-SNP initialization
Network Indicators:
- No network indicators - this is a local vulnerability
SIEM Query:
Search for kernel panic logs or SEV-related error messages in system logs
🔗 References
- https://git.kernel.org/stable/c/1fb873971e23c35c53823c62809a474a92bc3022
- https://git.kernel.org/stable/c/1fec416c03d0a64cc21aa04ce4aa14254b017e6a
- https://git.kernel.org/stable/c/7b306dfa326f70114312b320d083b21fa9481e1e
- https://git.kernel.org/stable/c/a762a4c8d9e768b538b3cc60615361a8cf377de8
- https://git.kernel.org/stable/c/aed15fc08f15dbb15822b2a0b653f67e76aa0fdf
- https://git.kernel.org/stable/c/f92af52e6dbd8d066d77beba451e0230482dc45b
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html