Bug 2373389 (CVE-2025-38026) - CVE-2025-38026 kernel: x86/sev: Do not touch VMSA pages during SNP guest memory kdump
Keywords:
Status: NEW
Alias: CVE-2025-38026
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2025-06-18 10:05 UTC by OSIDB Bzimport
Modified: 2025-06-20 14:24 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Description OSIDB Bzimport 2025-06-18 10:05:00 UTC
In the Linux kernel, the following vulnerability has been resolved:

x86/sev: Do not touch VMSA pages during SNP guest memory kdump

When kdump is running makedumpfile to generate vmcore and dump SNP guest
memory it touches the VMSA page of the vCPU executing kdump.

It then results in unrecoverable #NPF/RMP faults as the VMSA page is
marked busy/in-use when the vCPU is running and subsequently causes a
guest softlockup/hang.

Additionally, other APs may be halted in guest mode and their VMSA pages
are marked busy and touching these VMSA pages during guest memory dump
will also cause #NPF.

Issue AP_DESTROY GHCB calls on other APs to ensure they are kicked out
of guest mode and then clear the VMSA bit on their VMSA pages.

If the vCPU running kdump is an AP, mark its VMSA page as offline to
ensure that makedumpfile excludes that page while dumping guest memory.
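
The description names two preconditions for the hang: the system is an SEV-SNP guest, and a kdump crash kernel is in use. The following triage script is an added example, not part of the advisory or the kernel patch; it checks both from a saved kernel log and sysfs. The function names, the log-file argument and the sysfs-root argument are assumptions made so the check can run against fixtures, and it assumes the kernel log still holds the boot-time "Memory Encryption Features active" line.

```shell
#!/bin/sh
# Added triage example (not from the advisory or the upstream patch).
# Reports whether a system meets the preconditions described for
# CVE-2025-38026: running as an SEV-SNP guest with a kdump kernel loaded.
# It does not determine whether the running kernel carries the fix.

is_snp_guest() {
    # $1: file holding kernel log text (for example saved `dmesg` output).
    # The x86 kernel lists active features on one line at boot, e.g.
    #   Memory Encryption Features active: AMD SEV SEV-ES SEV-SNP
    grep -E 'Memory Encryption Features active:.*SEV-SNP' "$1" >/dev/null 2>&1
}

kdump_armed() {
    # $1: sysfs root (normally /sys).
    # kexec_crash_loaded reads 1 when a crash (kdump) kernel is loaded.
    f="$1/kernel/kexec_crash_loaded"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

triage() {
    # $1: kernel log file, $2: sysfs root. Prints a one-word verdict.
    if ! is_snp_guest "$1"; then
        echo "not-snp-guest"
    elif kdump_armed "$2"; then
        echo "snp-guest-kdump-armed"
    else
        echo "snp-guest-no-kdump"
    fi
}

# Stand-alone use: ./triage.sh <saved-dmesg-file> <sysfs-root>
if [ "$#" -eq 2 ]; then
    triage "$1" "$2"
fi
```

A verdict of `snp-guest-kdump-armed` marks a guest where crash-dump collection can hit the described hang on an unpatched kernel; patch status has to be confirmed against the vendor's fixed package versions.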

Comment 1 Avinash Hanwate 2025-06-20 14:22:13 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025061848-CVE-2025-38026-5674@gregkh/T
