Main Vulnerability Database SB2025031022

SB2025031022 - Infinite loop in Linux kernel include asm

Published: March 10, 2025 Updated: May 11, 2025

Security Bulletin ID SB2025031022

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Infinite loop (CVE-ID: CVE-2025-21839)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the vcpu_enter_guest() function in arch/x86/kvm/x86.c, within the vmx_sync_dirty_debug_regs() and vmx_vcpu_run() functions in arch/x86/kvm/vmx/vmx.c, within the new_asid() and svm_vcpu_run() functions in arch/x86/kvm/svm/svm.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/4eb063de686bfcdfd03a8c801d1bbe87d2d5eb55
https://git.kernel.org/stable/c/c2fee09fc167c74a64adb08656cb993ea475197e
https://git.kernel.org/stable/c/d456de38d9eb753a4e9fde053c18d4ef8e485339
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.4