CVE-2025-38351: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-38351 is a vulnerability discovered in the Linux kernel's KVM (Kernel-based Virtual Machine) implementation, specifically affecting the Hyper-V hypercalls functionality. The vulnerability was disclosed on July 19, 2025, and involves the handling of non-canonical addresses during PV TLB flush operations (NVD).

The vulnerability occurs in KVM guests with Hyper-V hypercalls enabled, specifically affecting the HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST and HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST_EX hypercalls. When non-canonical Guest Virtual Addresses (GVAs) are passed, the system lacks proper filtering mechanisms, resulting in these addresses being passed to INVVPID on Intel or INVLPGA on AMD processors. While AMD's INVLPGA silently ignores these non-canonical addresses, Intel's INVVPID explicitly signals VM-Fail and triggers a WARN_ONCE in the invvpid_error function (NVD).

The impact of this vulnerability appears to be limited to system stability issues, particularly on Intel-based systems where the INVVPID instruction's failure can trigger warning messages and potentially affect system operations. The vulnerability primarily affects KVM environments running with Hyper-V hypercalls enabled (NVD).

The recommended solution involves skipping non-canonical GVAs when processing the list of addresses to avoid triggering the INVVPID failure. While an alternative approach of filtering out invalid GVAs before insertion into the FIFO was considered, the implemented solution focuses on validation during final processing (NVD).