CVE-2025-21839
KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop
References
Notes
carnil> Introduced in 375e28ffc0cf ("KVM: X86: Set host DR6 only on VMX and for
carnil> KVM_DEBUGREG_WONT_EXIT")
carnil> d67668e9dd76 ("KVM: x86, SVM: isolate vcpu->arch.dr6 from vmcb->save.dr6").
carnil> Vulnerable versions: 5.7.
Bugs
Status
| Branch |
Status |
| upstream |
released (6.14-rc3) [c2fee09fc167c74a64adb08656cb993ea475197e]
|
| 6.18-upstream-stable |
N/A "Fixed before branching point"
|
| 6.17-upstream-stable |
N/A "Fixed before branching point"
|
| 6.13-upstream-stable |
released (6.13.4) [d456de38d9eb753a4e9fde053c18d4ef8e485339]
|
| 6.12-upstream-stable |
released (6.12.16) [4eb063de686bfcdfd03a8c801d1bbe87d2d5eb55]
|
| 6.6-upstream-stable |
released (6.6.90) [a1723e9c53fe6431415be19302a56543daf503f5]
|
| 6.1-upstream-stable |
released (6.1.138) [93eeb6df1605b3a24f38afdba7ab903ba6b64133]
|
| 5.10-upstream-stable |
needed
|
| sid |
released (6.12.16-1)
|
| 6.12-trixie-security |
N/A "Fixed before branching point"
|
| 6.1-bookworm-security |
released (6.1.139-1)
|
| 5.10-bullseye-security |
needed
|
