CVE-2025-23141

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.14.0-rc3

Description A vulnerability in the Linux kernel has been resolved, specifically in the KVM (Kernel-based Virtual Machine) module. The issue arises when the vCPU is in L2 with INIT and a TRIPLE FAULT request pending, allowing accesses to guest memory. This can trigger a nested VM-Exit, potentially accessing guest memory. The vulnerability was originally discovered by syzkaller on a Google-internal kernel and reproduced on an upstream kernel.

Recommendations To resolve the issue, update the Linux kernel to a version later than 6.14.0-rc3. As a temporary workaround, consider disabling the kvm vcpu ioctl function until a patch is available. Restrict access to the kvm->srcu lock to minimize the risk of exploitation. Avoid using the vcpu mp state get function in the affected API endpoint until the issue is resolved.