CVE-2025-39823
published 2025-09-16CVE-2025-39823: In the Linux kernel, the following vulnerability has been resolved: KVM: x86: use array_index_nospec with indices that come from guest min and dest_id are…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: use array_index_nospec with indices that come from guest
min and dest_id are guest-controlled indices. Using array_index_nospec()
after the bounds checks clamps these values to mitigate speculative execution
side-channels.
Affected
29 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= 4180bf1b655a791a0a6ef93a2ffffc762722c782 < 72777fc31aa7ab2ce00f44bfa3929c6eabbeaf48 | 72777fc31aa7ab2ce00f44bfa3929c6eabbeaf48 |
| linux | linux | >= 4180bf1b655a791a0a6ef93a2ffffc762722c782 < 31a0ad2f60cb4816e06218b63e695eb72ce74974 | 31a0ad2f60cb4816e06218b63e695eb72ce74974 |
| linux | linux | >= 4180bf1b655a791a0a6ef93a2ffffc762722c782 < d51e381beed5e2f50f85f49f6c90e023754efa12 | d51e381beed5e2f50f85f49f6c90e023754efa12 |
| linux | linux | >= 4180bf1b655a791a0a6ef93a2ffffc762722c782 < 33e974c2d5a82b2f9d9ba0ad9cbaabc1c8e3985f | 33e974c2d5a82b2f9d9ba0ad9cbaabc1c8e3985f |
| linux | linux | >= 4180bf1b655a791a0a6ef93a2ffffc762722c782 < f49161646e03d107ce81a99c6ca5da682fe5fb69 | f49161646e03d107ce81a99c6ca5da682fe5fb69 |
| linux | linux | >= 4180bf1b655a791a0a6ef93a2ffffc762722c782 < 67a05679621b7f721bdba37a5d18665d3aceb695 | 67a05679621b7f721bdba37a5d18665d3aceb695 |
| linux | linux | >= 4180bf1b655a791a0a6ef93a2ffffc762722c782 < f57a4bd8d6cb5af05b8ac1be9098e249034639fb | f57a4bd8d6cb5af05b8ac1be9098e249034639fb |
| linux | linux | >= 4180bf1b655a791a0a6ef93a2ffffc762722c782 < c87bd4dd43a624109c3cc42d843138378a7f4548 | c87bd4dd43a624109c3cc42d843138378a7f4548 |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.10.244-1 | 5.10.244-1 |
| linux | linux_kernel | >= 0 < 6.1.153-1 | 6.1.153-1 |
| linux | linux_kernel | >= 0 < 6.12.48-1 | 6.12.48-1 |
| linux | linux_kernel | >= 0 < 6.16.5-1 | 6.16.5-1 |
| linux | linux_kernel | >= 0 < 5.15.0-163.173 | 5.15.0-163.173 |
| linux | linux_kernel | >= 0 < 6.8.0-106.106 | 6.8.0-106.106 |
| linux | linux_kernel | >= 4.19 < 5.4.298 | 5.4.298 |
| linux | linux_kernel | >= 5.11 < 5.15.191 | 5.15.191 |
| linux | linux_kernel | >= 5.16 < 6.1.150 | 6.1.150 |
| linux | linux_kernel | >= 5.5 < 5.10.242 | 5.10.242 |
| linux | linux_kernel | >= 6.13 < 6.16.5 | 6.16.5 |
| linux | linux_kernel | >= 6.2 < 6.6.104 | 6.6.104 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH