CVE-2025-38158

In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: fix XQE dma address error The dma addresses of EQE and AEQE are wrong after migration and results in guest kernel-mode encryption services failure. Comparing the definition of hardware registers, we found that there was an error when the data read from the register was combined into an address. Therefore, the address combination sequence needs to be corrected. Even after fixing the above problem, we still have an issue where the Guest from an old kernel can get migrated to new kernel and may result in wrong data. In order to ensure that the address is correct after migration, if an old magic number is detected, the dma address needs to be updated.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/7710c883eb8cb5cf510ca47ec0e26c6cb7e94a4f	Patch
https://git.kernel.org/stable/c/809a9c10274e1bcf6d05f1c0341459a425a4f05f	Patch
https://git.kernel.org/stable/c/884a76e813178778d271fea59783763d32bb7e72	Patch
https://git.kernel.org/stable/c/8bb7170c5a055ea17c6857c256ee73c10ff872eb	Patch
https://git.kernel.org/stable/c/f0423873e7aeb69cb68f4e8fa3827832e7b037ba	Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-07-03 09:15

Updated : 2025-12-18 20:43

NVD link : CVE-2025-38158

Mitre link : CVE-2025-38158

CVE.ORG link : CVE-2025-38158

JSON object : View

Products Affected

debian

debian_linux

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2025-38158", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-07-03T09:15:30.890", "references": [{"url": "https://git.kernel.org/stable/c/7710c883eb8cb5cf510ca47ec0e26c6cb7e94a4f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/809a9c10274e1bcf6d05f1c0341459a425a4f05f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/884a76e813178778d271fea59783763d32bb7e72", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8bb7170c5a055ea17c6857c256ee73c10ff872eb", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f0423873e7aeb69cb68f4e8fa3827832e7b037ba", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhisi_acc_vfio_pci: fix XQE dma address error\n\nThe dma addresses of EQE and AEQE are wrong after migration and\nresults in guest kernel-mode encryption services failure.\nComparing the definition of hardware registers, we found that\nthere was an error when the data read from the register was\ncombined into an address. Therefore, the address combination\nsequence needs to be corrected.\n\nEven after fixing the above problem, we still have an issue\nwhere the Guest from an old kernel can get migrated to\nnew kernel and may result in wrong data.\n\nIn order to ensure that the address is correct after migration,\nif an old magic number is detected, the dma address needs to be\nupdated."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hisi_acc_vfio_pci: correcci\u00f3n del error de direcci\u00f3n dma de XQE Las direcciones dma de EQE y AEQE son incorrectas despu\u00e9s de la migraci\u00f3n, lo que provoca un fallo en los servicios de cifrado en modo kernel del invitado. Al comparar la definici\u00f3n de los registros de hardware, descubrimos que se produc\u00eda un error al combinar los datos le\u00eddos del registro en una direcci\u00f3n. Por lo tanto, es necesario corregir la secuencia de combinaci\u00f3n de direcciones. Incluso tras corregir el problema anterior, sigue existiendo un problema en el que el invitado de un kernel antiguo puede migrarse al nuevo, lo que puede generar datos err\u00f3neos. Para garantizar que la direcci\u00f3n sea correcta despu\u00e9s de la migraci\u00f3n, si se detecta un n\u00famero m\u00e1gico antiguo, es necesario actualizar la direcci\u00f3n dma."}], "lastModified": "2025-12-18T20:43:11.200", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2B63426-2491-4514-8AE4-140C36735490", "versionEndExcluding": "6.1.142", "versionStartIncluding": "5.18"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "304E3F01-7D7A-4908-994E-7F95C5C00B06", "versionEndExcluding": "6.6.94", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FFA54AA-CDFE-4591-BD07-72813D0948F4", "versionEndExcluding": "6.12.34", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0541C761-BD5E-4C1A-8432-83B375D7EB92", "versionEndExcluding": "6.15.3", "versionStartIncluding": "6.13"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}