CVE-2025-39823

Опубликовано: 16 сент. 2025

Источник: redhat

CVSS3: 5.1

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: use array_index_nospec with indices that come from guest min and dest_id are guest-controlled indices. Using array_index_nospec() after the bounds checks clamps these values to mitigate speculative execution side-channels.

Отчет

Guest-controlled indices in KVM (PV send IPI / sched yield paths) could be speculatively used out-of-bounds, enabling a Spectre v1-style side channel to leak kernel/host data to a malicious guest. The fix clamps indices with array_index_nospec() after bounds checks, mitigating speculative out-of-bounds access.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	kernel	Fix deferred
Red Hat Enterprise Linux 6	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 9	kernel	Fix deferred
Red Hat Enterprise Linux 9	kernel-rt	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=2395804kernel: KVM: x86: use array_index_nospec with indices that come from guest

EPSS

Процентиль: 3%

0.00015

Низкий

5.1 Medium

CVSS3

Связанные уязвимости

CVE-2025-39823

CVSS3: 7.8

ubuntu

7 месяцев назад

CVE-2025-39823

CVSS3: 7.8

nvd

7 месяцев назад

CVE-2025-39823

CVSS3: 7.8

msrc

7 месяцев назад

KVM: x86: use array_index_nospec with indices that come from guest

CVE-2025-39823

CVSS3: 7.8

debian

7 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: K ...

GHSA-g6f5-85j8-c4fr

CVSS3: 7.8

github

7 месяцев назад

EPSS

Процентиль: 3%

0.00015

Низкий

5.1 Medium

CVSS3