CVE-2025-38046 in Linuxinfo

Summary

by MITRE • 06/18/2025

In the Linux kernel, the following vulnerability has been resolved:

xen: Add support for XenServer 6.1 platform device

On XenServer on Windows machine a platform device with ID 2 instead of 1 is used.

This device is mainly identical to device 1 but due to some Windows update behaviour it was decided to use a device with a different ID.

This causes compatibility issues with Linux which expects, if Xen is detected, to find a Xen platform device (5853:0001) otherwise code will crash due to some missing initialization (specifically grant tables). Specifically from dmesg

RIP: 0010:gnttab_expand+0x29/0x210 Code: 90 0f 1f 44 00 00 55 31 d2 48 89 e5 41 57 41 56 41 55 41 89 fd 41 54 53 48 83 ec 10 48 8b 05 7e 9a 49 02 44 8b 35 a7 9a 49 02 48 04 8d 44 39 ff f7 f1 45 8d 24 06 89 c3 e8 43 fe ff ff 44 39 RSP: 0000:ffffba34c01fbc88 EFLAGS: 00010086 ...

The device 2 is presented by Xapi adding device specification to Qemu command line.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 02/02/2026

The vulnerability CVE-2025-38046 represents a compatibility issue within the Linux kernel's Xen hypervisor support, specifically affecting systems running XenServer 6.1 platforms. This issue stems from a fundamental change in how platform devices are identified and handled between Windows and Linux environments within virtualized infrastructures. The core problem manifests when Linux kernel code attempts to initialize Xen-specific components, particularly grant tables, which are essential for memory management and inter-vm communication in virtualized environments. The vulnerability occurs because Linux expects to find a specific Xen platform device with vendor ID 5853 and device ID 0001, but XenServer 6.1 on Windows systems uses device ID 0002 instead, creating a mismatch that leads to kernel crashes during initialization phases.

The technical flaw resides in the kernel's device detection and initialization logic within the Xen subsystem, where the code assumes a specific device ID pattern for platform devices. When the kernel detects Xen hypervisor presence, it expects to find the standard Xen platform device with ID 1 (0001), but the modified device ID 2 (0002) used by XenServer 6.1 causes the initialization process to fail catastrophically. The crash occurs in the gnttab_expand function which is part of the grant table management system, indicating that the kernel cannot properly establish the memory sharing mechanisms required for hypervisor operations. This represents a clear violation of the expected device enumeration patterns and demonstrates a lack of proper device ID variant handling in the kernel's Xen support code.

The operational impact of this vulnerability is significant for organizations running mixed hypervisor environments or those migrating from Windows-based XenServer deployments to Linux-based systems. When the kernel encounters the unexpected device ID, it fails to properly initialize grant tables and other critical Xen components, resulting in kernel panics and system crashes. This affects not only the stability of virtualized environments but also the reliability of cloud infrastructure deployments where Linux-based virtual machines are hosted on XenServer 6.1 platforms. The specific error pattern in dmesg output shows the kernel attempting to execute grant table expansion code that fails due to missing initialization, which is a direct consequence of the device ID mismatch and demonstrates the severity of the impact on system functionality.

From a security perspective, this vulnerability falls under CWE-264, which addresses permissions, privileges, and access controls, as it relates to improper handling of device identification and initialization sequences that can lead to system instability and potential denial-of-service conditions. The vulnerability also aligns with ATT&CK technique T1499.001, which involves network denial of service attacks through infrastructure manipulation, as the device ID mismatch can cause complete system outages in virtualized environments. Mitigation strategies should focus on updating kernel versions that include proper device ID handling for XenServer 6.1 platforms, implementing device-specific initialization routines that can accommodate multiple device IDs, and ensuring proper virtualization layer compatibility testing before deploying mixed hypervisor environments. Organizations should also consider maintaining updated Xen hypervisor versions that align with Linux kernel device identification requirements to prevent similar compatibility issues in the future.

Responsible

Linux

Reservation

04/16/2025

Disclosure

06/18/2025

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!