CVE-2025-71104

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw related to the KVM hypervisor and its handling of the periodic HV timer. Specifically, when resuming a virtual machine after a prolonged period of inactivity, the timer expiration calculation can lead to an unbounded number of hypervisor timer interrupts. This can result in a hard lockup of the host system, particularly on Intel CPUs utilizing the hypervisor timer. The issue arises from incorrectly advancing the target expiration for the guest's APIC timer, potentially causing an overflow in the timer's maximum bit width and a switch to the software timer. Subsequent rapid timer expirations within the interrupt handler can then trigger the lockup. A hard lockup was observed in a Windows VM after resuming from a long suspend. Switching to the software timer can cause periodic timer expiration callbacks to be executed consecutively within a single clock interrupt handler, leading to the lockup.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.