Acknowledged
Created: Aug 20, 2025
Updated: Aug 26, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:

x86/sev: Evict cache lines during SNP memory validation

An SNP cache coherency vulnerability requires a cache line eviction
mitigation when validating memory after a page state change to private.
The specific mitigation is to touch the first and last byte of each 4K
page that is being validated. There is no need to perform the mitigation
when performing a page state change to shared and rescinding validation.

CPUID bit Fn8000001F_EBX[31] defines the COHERENCY_SFW_NO CPUID bit
that, when set, indicates that the software mitigation for this
vulnerability is not needed.

Implement the mitigation and invoke it when validating memory (making it
private) and the COHERENCY_SFW_NO bit is not set, indicating the SNP
guest is vulnerable.
CREATE(Triage):(User=lchen-cn) [CVE-2025-38560 (https://nvd.nist.gov/vuln/detail/CVE-2025-38560)]
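The decision logic and the touch pattern described in the commit message, as an added user-space illustration that is not the kernel patch or Wind River's code. The names evict_needed, evict_touch and validate_range are hypothetical, the EBX value is passed in rather than read with CPUID, and "touch" is modelled as a volatile read (an assumption).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define PAGE_4K 4096u
/* CPUID Fn8000001F_EBX[31]: COHERENCY_SFW_NO (bit position taken from the text). */
#define COHERENCY_SFW_NO (1u << 31)

/* Hypothetical helper: does the eviction step apply to this page state change?
 * ebx is the EBX value returned by CPUID leaf 0x8000001F. */
bool evict_needed(uint32_t ebx, bool to_private)
{
    if (!to_private)                      /* change to shared: no mitigation */
        return false;
    return (ebx & COHERENCY_SFW_NO) == 0; /* bit clear: guest is vulnerable */
}

/* Touch the first and last byte of every 4K page in the range.
 * A volatile read stands in for "touch" (assumption). Returns the touch count. */
size_t evict_touch(const void *va, size_t npages)
{
    const volatile uint8_t *p = va;
    size_t touched = 0;

    for (size_t i = 0; i < npages; i++) {
        (void)p[i * PAGE_4K];               /* first byte of page i */
        (void)p[i * PAGE_4K + PAGE_4K - 1]; /* last byte of page i */
        touched += 2;
    }
    return touched;
}

/* Validation-path wrapper: number of bytes touched, 0 when the step is skipped. */
size_t validate_range(const void *va, size_t npages, uint32_t ebx, bool to_private)
{
    if (!evict_needed(ebx, to_private))
        return 0;
    return evict_touch(va, npages);
}

int main(void)
{
    static uint8_t pages[3 * PAGE_4K];    /* constructed sample range */
    return validate_range(pages, 3, 0, true) == 6 ? 0 : 1;
}
```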