Impact
The flaw is a conditional WARN statement in the Linux kernel's KVM implementation that fires incorrectly when a guest page is marked dirty during a VM exit while no vCPU is active and the VM is being destroyed. The warning was intended to catch dirty pages that would otherwise never be pushed to the active vCPU's dirty ring, but it also caused a memory leak for x86 SEV‑ES guests: the page mapping was not cleaned up properly, so the memory stayed allocated although it was no longer used. The vulnerability cannot be directly exploited for remote code execution or other classic attacks, but the resulting memory leak can degrade host availability by exhausting system memory over time.
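As an added illustration (not the kernel's code, nor part of the advisory), the following C model shows why a WARN that bails out of a cleanup path turns a false positive into a leak; the struct, function names and the "early return skips the unmap" mechanism are assumptions, and the relaxed guard stands in for a fix that tolerates a missing vCPU only during teardown.

```c
/* Simplified model of the dirty-page guard described above: an added
 * illustration, not kernel code; names and the leak mechanism are assumed. */
#include <stdbool.h>
#include <stdio.h>
struct vm {
    bool destroying;   /* VM teardown in progress */
    int dirtied;       /* dirty pages successfully recorded */
    int warnings;      /* WARN-style hits */
    int live_mappings; /* guest pages still mapped by the host */
};
/* STRICT: flawed check, warn and bail out when no vCPU runs; RELAXED: the fix. */
enum guard { GUARD_STRICT, GUARD_RELAXED };
/* Returns false when the guard refuses to record the dirty page. */
static bool mark_page_dirty(struct vm *vm, bool vcpu_running, enum guard g)
{
    if (!vcpu_running && g == GUARD_STRICT) {
        vm->warnings++;   /* fires even when the VM is merely being destroyed */
        return false;
    }
    if (!vcpu_running && !vm->destroying)
        vm->warnings++;   /* relaxed guard still flags the genuine bug */
    vm->dirtied++;
    return true;
}

/* The strict guard's early return skips the release: the mapping leaks. */
static void unmap_dirty_page(struct vm *vm, bool vcpu_running, enum guard g)
{
    if (!mark_page_dirty(vm, vcpu_running, g))
        return;
    vm->live_mappings--;
}

/* Tear down n mapped pages with no vCPU running; returns mappings leaked. */
int run_teardown(int n, enum guard g, struct vm *out)
{
    struct vm vm = { .destroying = true, .live_mappings = n };
    for (int i = 0; i < n; i++)
        unmap_dirty_page(&vm, false, g);
    if (out)
        *out = vm;
    return vm.live_mappings;
}

int main(void)
{
    printf("strict leaked %d, relaxed leaked %d\n",
           run_teardown(4, GUARD_STRICT, NULL), run_teardown(4, GUARD_RELAXED, NULL));
    return 0;
}
```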
Affected Systems
This issue affects the Linux kernel’s KVM subsystem on all Linux platforms that support SEV‑ES guests. It applies to the KVM module in the kernel (cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*), regardless of the specific kernel version, as long as SEV‑ES functionality is enabled. End‑users running virtual machines that rely on SEV‑ES should be aware that the kernel’s page mapping cleanup logic may leave orphaned pages until the kernel is updated.
Risk and Exploitability
The CVSS score is not publicly available, and the EPSS score is undefined; the vulnerability is not listed in the CISA KEV catalog. Because the flaw manifests only when a VM is terminated without a running vCPU, exploitation requires the attacker to have control over the guest lifecycle on the host, which is typically limited to privileged system access. In practice, the risk is low to moderate, primarily as a resource depletion concern rather than a code‑execution vector. The fix mitigates the issue by suppressing the misleading WARN and removing the memory leak during VM shutdown.
OpenCVE Enrichment