PT-2025-27743 · Linux+6 · Linux Kernel+6

Published

2025-05-10

·

Updated

2026-04-20

·

CVE-2025-38158

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A vulnerability in the Linux kernel has been resolved, specifically in the hisi acc vfio pci module, where the dma addresses of EQE and AEQE are incorrect after migration, resulting in guest kernel-mode encryption services failure. The issue arises from an error when combining data read from hardware registers into an address. Even after fixing this problem, an issue remains where a guest from an old kernel can be migrated to a new kernel, potentially resulting in incorrect data. To ensure correct addresses after migration, the dma address needs to be updated if an old magic number is detected.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Weakness Enumeration

CWE-20

Related Identifiers

AZL-64613
BDU:2025-10125
CVE-2025-38158
DLA-4328-1
DSA-5973-1
ECHO-3C42-8309-2651
MGASA-2025-0218
MGASA-2025-0219
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
USN-7769-1
USN-7769-2
USN-7769-3
USN-7770-1
USN-7771-1
USN-7789-1
USN-7789-2
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu