CVE-2025-38560: In the Linux kernel, the following vulnerability has been resolved: x86/sev: Evict cache lines during SNP memory valida
Summary
A vulnerability in the Linux kernel's AMD SEV-SNP (Secure Encrypted Virtualization with Secure Nested Paging, a feature that isolates virtual machine memory) could allow cache coherency issues when memory is marked as private. The fix involves touching the first and last byte of each 4K page (a memory unit) during validation when a specific CPU flag indicates the vulnerability exists.
Solution / Mitigation
Implement a cache line eviction mitigation by touching the first and last byte of each 4K page being validated when changing page state to private. The mitigation should be invoked when validating memory and when the COHERENCY_SFW_NO CPUID bit (a CPU feature flag) is not set, indicating the SNP guest is vulnerable. No mitigation is needed when performing a page state change to shared and rescinding validation.
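The gating described above, modeled in user-space C as an added example (this is not the kernel patch). The names `page_state_op`, `evict_cache_lines` and `validate_pages` are hypothetical, the CPUID bit is passed in as a boolean rather than queried, and a volatile read is assumed to count as a touch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define PAGE_SIZE_4K 4096u

/* Hypothetical names for the two page state changes the advisory mentions. */
enum page_state_op { PSC_TO_PRIVATE, PSC_TO_SHARED };

/* Touch (read) the first and last byte of every 4K page in the range.
 * Returns the number of bytes touched so callers can check the work done. */
static size_t evict_cache_lines(const void *va, size_t npages)
{
    const volatile uint8_t *bytes = va;
    size_t touched = 0;

    for (size_t i = 0; i < npages; i++) {
        (void)bytes[i * PAGE_SIZE_4K];                    /* first byte */
        (void)bytes[i * PAGE_SIZE_4K + PAGE_SIZE_4K - 1]; /* last byte  */
        touched += 2;
    }
    return touched;
}

/* Model of the decision only; the validation instruction itself is out of
 * scope here. coherency_sfw_no mirrors the COHERENCY_SFW_NO CPUID bit. */
static size_t validate_pages(void *va, size_t npages,
                             enum page_state_op op, bool coherency_sfw_no)
{
    if (op != PSC_TO_PRIVATE)   /* change to shared: validation rescinded */
        return 0;
    if (coherency_sfw_no)       /* bit set: guest is not vulnerable */
        return 0;
    return evict_cache_lines(va, npages);
}

int main(void)
{
    size_t npages = 4;                          /* constructed sample range */
    void *buf = calloc(npages, PAGE_SIZE_4K);
    if (!buf)
        return 1;
    printf("private, bit clear: %zu\n", validate_pages(buf, npages, PSC_TO_PRIVATE, false));
    printf("private, bit set:   %zu\n", validate_pages(buf, npages, PSC_TO_PRIVATE, true));
    printf("shared,  bit clear: %zu\n", validate_pages(buf, npages, PSC_TO_SHARED, false));
    free(buf);
    return 0;
}
```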
Vulnerability Details
5.5 (medium)
EPSS: 0.0%
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-38560
First tracked: February 15, 2026 at 08:52 PM