CVE-2025-38469

KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls

Description

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls kvm_xen_schedop_poll does a kmalloc_array() when a VM polls the host for more than one event channel potr (nr_ports > 1). After the kmalloc_array(), the error paths need to go through the "out" label, but the call to kvm_read_guest_virt() does not. [Adjusted commit message. - Paolo]

N/A

CVSS

Severity:

EPSS 0.02%

Affected: Linux Linux

References

Link	Tags
https://git.kernel.org/stable/c/3ee59c38ae7369ad1f7b846e05633ccf0d159fab
https://git.kernel.org/stable/c/fd627ac8a5cff4d45269f164b13ddddc0726f2cc
https://git.kernel.org/stable/c/061c553c66bc1638c280739999224c8000fd4602
https://git.kernel.org/stable/c/5a53249d149f48b558368c5338b9921b76a12f8c

Frequently Asked Questions

What is the severity of CVE-2025-38469?: CVE-2025-38469 has not yet been assigned a CVSS score.
How to fix CVE-2025-38469?: To fix CVE-2025-38469, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38469 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-38469 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38469?: CVE-2025-38469 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.