PT-2025-14294 · Linux+6 · Linux Kernel+6

Published

2025-03-07

·

Updated

2026-04-20

·

CVE-2025-21913

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to the Linux kernel, where a vulnerability has been resolved by using rdmsr safe() in amd get mmconfig range(). This change is necessary because Xen does not offer MSR FAM10H MMIO CONF BASE to all guests, resulting in an unchecked MSR access error. The error occurs when trying to access the MSR FAM10H MMIO CONF BASE register, which is not available to all guests. The vulnerability is exposed when the Xen MSR accessors are fixed to not be silently safe.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-264

Related Identifiers

BDU:2025-03888
CVE-2025-21913
DLA-4193-1
DSA-5900-1
ECHO-0FEF-5558-55FB
OESA-2025-2551
OESA-2025-2556
OPENSUSE-SU-2025_01614-1
OPENSUSE-SU-2025_01707-1
SUSE-SU-2025:01614-1
SUSE-SU-2025:01707-1
SUSE-SU-2025:01919-1
SUSE-SU-2025:01951-1
SUSE-SU-2025:01964-1
SUSE-SU-2025:01967-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20206-1
SUSE-SU-2025:20270-1
SUSE-SU-2025:20283-1
SUSE-SU-2025_01614-1
SUSE-SU-2025_01707-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01967-1
USN-7605-1
USN-7605-2
USN-7606-1
USN-7628-1
USN-7764-1
USN-7764-2
USN-7765-1
USN-7766-1
USN-7767-1
USN-7767-2
USN-7779-1
USN-7790-1
USN-7800-1
USN-7801-1
USN-7801-2
USN-7801-3
USN-7802-1
USN-7809-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu