Impact
The vulnerability occurs when the kernel handles an extended guest request. The host can return an error containing an invalid buffer size. The kernel then uses that length to compute a page order for freeing memory, which may not match the original allocation. This can corrupt the page allocator, leading to kernel memory corruption that could allow an attacker to crash the system, gain higher privileges, or cause denial of service.
Affected Systems
Vulnerable configurations exist in the Linux kernel across all variants before the fix. The affected sources are under the Linux kernel CNA; any distribution shipping an older kernel image that has not incorporated the commit references is potentially impacted. Users should verify whether their distribution’s kernel version includes the updates for the sev‑guest cleanup path.
Risk and Exploitability
The flaw is a classic kernel‑mode memory corruption. The CVSS score of 7.8 indicates high severity, while the EPSS score is < 1%, indicating low probability of exploitation. The issue is not listed in CISA KEV. Exploitation requires a guest that can trigger the extended request, so it is limited to virtual machines with the vulnerable kernel. Despite the low probability, the potential impact is severe, warranting prompt attention.
OpenCVE Enrichment