{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-38508", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:24.022Z", "datePublished": "2025-08-16T10:54:45.567Z", "dateUpdated": "2025-08-16T10:54:45.567Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-08-16T10:54:45.567Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sev: Use TSC_FACTOR for Secure TSC frequency calculation\n\nWhen using Secure TSC, the GUEST_TSC_FREQ MSR reports a frequency based on\nthe nominal P0 frequency, which deviates slightly (typically ~0.2%) from\nthe actual mean TSC frequency due to clocking parameters.\n\nOver extended VM uptime, this discrepancy accumulates, causing clock skew\nbetween the hypervisor and a SEV-SNP VM, leading to early timer interrupts as\nperceived by the guest.\n\nThe guest kernel relies on the reported nominal frequency for TSC-based\ntimekeeping, while the actual frequency set during SNP_LAUNCH_START may\ndiffer. This mismatch results in inaccurate time calculations, causing the\nguest to perceive hrtimers as firing earlier than expected.\n\nUtilize the TSC_FACTOR from the SEV firmware's secrets page (see \"Secrets\nPage Format\" in the SNP Firmware ABI Specification) to calculate the mean\nTSC frequency, ensuring accurate timekeeping and mitigating clock skew in\nSEV-SNP VMs.\n\nUse early_ioremap_encrypted() to map the secrets page as\nioremap_encrypted() uses kmalloc() which is not available during early TSC\ninitialization and causes a panic.\n\n [ bp: Drop the silly dummy var:\n https://lore.kernel.org/r/20250630192726.GBaGLlHl84xIopx4Pt@fat_crate.local ]"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/x86/coco/sev/core.c", "arch/x86/include/asm/sev.h"], "versions": [{"version": "73bbf3b0fbba9aa27fef07a1fbd837661a863f03", "lessThan": "d0195c42e65805938c9eb507657e7cdf8e1e9522", "status": "affected", "versionType": "git"}, {"version": "73bbf3b0fbba9aa27fef07a1fbd837661a863f03", "lessThan": "52e1a03e6cf61ae165f59f41c44394a653a0a788", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/x86/coco/sev/core.c", "arch/x86/include/asm/sev.h"], "versions": [{"version": "6.14", "status": "affected"}, {"version": "0", "lessThan": "6.14", "status": "unaffected", "versionType": "semver"}, {"version": "6.15.7", "lessThanOrEqual": "6.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.15.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.16"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/d0195c42e65805938c9eb507657e7cdf8e1e9522"}, {"url": "https://git.kernel.org/stable/c/52e1a03e6cf61ae165f59f41c44394a653a0a788"}], "title": "x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sev: Use TSC_FACTOR for Secure TSC frequency calculation\n\nWhen using Secure TSC, the GUEST_TSC_FREQ MSR reports a frequency based on\nthe nominal P0 frequency, which deviates slightly (typically ~0.2%) from\nthe actual mean TSC frequency due to clocking parameters.\n\nOver extended VM uptime, this discrepancy accumulates, causing clock skew\nbetween the hypervisor and a SEV-SNP VM, leading to early timer interrupts as\nperceived by the guest.\n\nThe guest kernel relies on the reported nominal frequency for TSC-based\ntimekeeping, while the actual frequency set during SNP_LAUNCH_START may\ndiffer. This mismatch results in inaccurate time calculations, causing the\nguest to perceive hrtimers as firing earlier than expected.\n\nUtilize the TSC_FACTOR from the SEV firmware's secrets page (see \"Secrets\nPage Format\" in the SNP Firmware ABI Specification) to calculate the mean\nTSC frequency, ensuring accurate timekeeping and mitigating clock skew in\nSEV-SNP VMs.\n\nUse early_ioremap_encrypted() to map the secrets page as\nioremap_encrypted() uses kmalloc() which is not available during early TSC\ninitialization and causes a panic.\n\n [ bp: Drop the silly dummy var:\n https://lore.kernel.org/r/20250630192726.GBaGLlHl84xIopx4Pt@fat_crate.local ]"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/sev: Usar TSC_FACTOR para el c\u00e1lculo de frecuencia de Secure TSC. Al usar Secure TSC, el MSR GUEST_TSC_FREQ informa una frecuencia basada en la frecuencia P0 nominal, que se desv\u00eda ligeramente (normalmente ~0,2 %) de la frecuencia media real de TSC debido a los par\u00e1metros de reloj. Con el tiempo de actividad prolongado de la m\u00e1quina virtual, esta discrepancia se acumula, causando un sesgo de reloj entre el hipervisor y una m\u00e1quina virtual SEV-SNP, lo que lleva a interrupciones tempranas del temporizador seg\u00fan lo percibe el invitado. El kernel invitado se basa en la frecuencia nominal informada para el control de tiempo basado en TSC, mientras que la frecuencia real establecida durante SNP_LAUNCH_START puede diferir. Esta falta de coincidencia resulta en c\u00e1lculos de tiempo inexactos, lo que hace que el invitado perciba que los temporizadores hr se activan antes de lo esperado. Utilice el factor TSC_FACTOR de la p\u00e1gina de secretos del firmware SEV (consulte \"Formato de la p\u00e1gina de secretos\" en la especificaci\u00f3n ABI del firmware SNP) para calcular la frecuencia media de TSC, lo que garantiza una sincronizaci\u00f3n precisa y mitiga el desfase de reloj en las m\u00e1quinas virtuales SEV-SNP. Utilice early_ioremap_encrypted() para mapear la p\u00e1gina de secretos, ya que ioremap_encrypted() utiliza kmalloc(), que no est\u00e1 disponible durante la inicializaci\u00f3n temprana de TSC y provoca un p\u00e1nico. [bp: Eliminar la variable ficticia: https://lore.kernel.org/r/20250630192726.GBaGLlHl84xIopx4Pt@fat_crate.local]"}], "id": "CVE-2025-38508", "lastModified": "2025-08-18T20:16:28.750", "metrics": {}, "published": "2025-08-16T11:15:43.773", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/52e1a03e6cf61ae165f59f41c44394a653a0a788"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d0195c42e65805938c9eb507657e7cdf8e1e9522"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{}