DEBIAN-CVE-2025-38469
PUBLISHED
CVSS 5.5 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls kvm_xen_schedop_poll does a kmalloc_array() when a VM polls the host for more than one event channel port (nr_ports > 1). After the kmalloc_array(), the error paths need to go through the "out" label, but the call to kvm_read_guest_virt() does not. [Adjusted commit message. - Paolo]
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | linux | 0, 6.12.38-1, 0 |
| Debian:14 | linux | 6.12.57-1, 6.12.57-1~bpo12+1, 6.12.63-1~bpo12+1 |
Timeline
- Jul 28, 2025 CVE Published
- Apr 28, 2026 CVE Updated