{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38508","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:24.022Z","datePublished":"2025-08-16T10:54:45.567Z","dateUpdated":"2026-05-11T21:29:22.593Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:29:22.593Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sev: Use TSC_FACTOR for Secure TSC frequency calculation\n\nWhen using Secure TSC, the GUEST_TSC_FREQ MSR reports a frequency based on\nthe nominal P0 frequency, which deviates slightly (typically ~0.2%) from\nthe actual mean TSC frequency due to clocking parameters.\n\nOver extended VM uptime, this discrepancy accumulates, causing clock skew\nbetween the hypervisor and a SEV-SNP VM, leading to early timer interrupts as\nperceived by the guest.\n\nThe guest kernel relies on the reported nominal frequency for TSC-based\ntimekeeping, while the actual frequency set during SNP_LAUNCH_START may\ndiffer. This mismatch results in inaccurate time calculations, causing the\nguest to perceive hrtimers as firing earlier than expected.\n\nUtilize the TSC_FACTOR from the SEV firmware's secrets page (see \"Secrets\nPage Format\" in the SNP Firmware ABI Specification) to calculate the mean\nTSC frequency, ensuring accurate timekeeping and mitigating clock skew in\nSEV-SNP VMs.\n\nUse early_ioremap_encrypted() to map the secrets page as\nioremap_encrypted() uses kmalloc() which is not available during early TSC\ninitialization and causes a panic.\n\n  [ bp: Drop the silly dummy var:\n    https://lore.kernel.org/r/20250630192726.GBaGLlHl84xIopx4Pt@fat_crate.local ]"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/x86/coco/sev/core.c","arch/x86/include/asm/sev.h"],"versions":[{"version":"73bbf3b0fbba9aa27fef07a1fbd837661a863f03","lessThan":"d0195c42e65805938c9eb507657e7cdf8e1e9522","status":"affected","versionType":"git"},{"version":"73bbf3b0fbba9aa27fef07a1fbd837661a863f03","lessThan":"52e1a03e6cf61ae165f59f41c44394a653a0a788","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/x86/coco/sev/core.c","arch/x86/include/asm/sev.h"],"versions":[{"version":"6.14","status":"affected"},{"version":"0","lessThan":"6.14","status":"unaffected","versionType":"semver"},{"version":"6.15.7","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14","versionEndExcluding":"6.15.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14","versionEndExcluding":"6.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/d0195c42e65805938c9eb507657e7cdf8e1e9522"},{"url":"https://git.kernel.org/stable/c/52e1a03e6cf61ae165f59f41c44394a653a0a788"}],"title":"x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation","x_generator":{"engine":"bippy-1.2.0"}}}}