CVE-2025-38158 Affecting gfs2-kmp-default package, versions <6.4.0-150600.23.65.1


Severity

Recommended
0.0
medium
0
10

Based on SUSE Linux Enterprise Server security rating.

Threat Intelligence

EPSS
0.02% (5th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-SLES156-GFS2KMPDEFAULT-12218814
  • published28 Aug 2025
  • disclosed27 Aug 2025

Introduced: 27 Aug 2025

CVE-2025-38158  (opens in a new tab)

How to fix?

Upgrade SLES:15.6 gfs2-kmp-default to version 6.4.0-150600.23.65.1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream gfs2-kmp-default package and not the gfs2-kmp-default package as distributed by SLES. See How to fix? for SLES:15.6 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

hisi_acc_vfio_pci: fix XQE dma address error

The dma addresses of EQE and AEQE are wrong after migration and results in guest kernel-mode encryption services failure. Comparing the definition of hardware registers, we found that there was an error when the data read from the register was combined into an address. Therefore, the address combination sequence needs to be corrected.

Even after fixing the above problem, we still have an issue where the Guest from an old kernel can get migrated to new kernel and may result in wrong data.

In order to ensure that the address is correct after migration, if an old magic number is detected, the dma address needs to be updated.

CVSS Base Scores

version 3.1