CVE-2025-37936Linux vulnerability

48 documents7 sources
Severity
5.5MEDIUMNVD
OSV7.8OSV3.2
EPSS
0.1%
top 74.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
LinuxLinux KernelDebian Linux+4 more
Timeline
PublishedMay 20
Latest updateMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value. When generating the MSR_IA32_PEBS_ENABLE value that will be loaded on VM-Entry to a KVM guest, mask the value with the vCPU's desired PEBS_ENABLE value. Consulting only the host kernel's host vs. guest masks results in running the guest with PEBS enabled even when the guest doesn't want to use PEBS. Because KVM uses perf events to proxy the guest virtual

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

NVDlinux/linux_kernel6.06.1.138+4
Debianlinux/linux_kernel< 6.1.140-1+2
Ubuntulinux/linux_kernel< 6.8.0-100.100+1

Also affects: Debian Linux 11.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

24
OSV
linux-azure-6.8 vulnerabilities2026-03-25
OSV
linux-azure-fips vulnerabilities2026-03-04
OSV
linux-azure vulnerabilities2026-03-04
OSV
linux-ibm, linux-ibm-6.8 vulnerabilities2026-02-24
OSV
linux-xilinx vulnerabilities2026-02-24

📋Vendor Advisories

23
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-04
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-03-04
Ubuntu
Linux kernel (Xilinx) vulnerabilities2026-02-24
Ubuntu
Linux kernel (IBM) vulnerabilities2026-02-24
CVE-2025-37936 — Linux vulnerability | cvebase