CVE-2025-68743
Description
In the Linux kernel, the following vulnerability has been resolved:
mshv: Fix create memory region overlap check
The current check is incorrect; it only checks if the beginning or end of a region is within an existing region. This doesn't account for userspace specifying a region that begins before and ends after an existing region.
Change the logic to a range intersection check against gfns and uaddrs for each region.
Remove mshv_partition_region_by_uaddr() as it is no longer used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's mshv driver, a flawed memory region overlap check allowed a region to fully contain an existing one, potentially leading to memory corruption.
Vulnerability
Overview
The vulnerability resides in the Microsoft Hyper-V (mshv) driver within the Linux kernel. The function responsible for checking whether a new memory region overlaps with existing regions only verified whether the start or the end address of the new region fell inside an existing region. This logic failed to detect the case where a user-supplied region completely envelops an existing region, since neither endpoint then lies within the existing region's boundaries [1].
Exploitation
Prerequisites
An attacker would need the ability to create memory regions through the mshv interface, which typically requires elevated privileges (e.g., root or CAP_SYS_ADMIN) to open the mshv device. By crafting a region that starts before and ends after an existing region, the attacker could pass the flawed check and create overlapping memory mappings. No further authentication is required beyond that system access.
Impact
Successful exploitation could result in overlapping memory regions within the hypervisor partition. This may lead to memory corruption, information disclosure, or other undefined behavior, potentially compromising the integrity of the virtual machine or the host system. The exact impact depends on how the overlapping regions are used by subsequent operations.
Mitigation
The fix, introduced in Linux kernel stable commit ab3e7a78d83a, replaces the endpoint-based check with a proper range intersection test for both guest physical frame numbers (gfns) and user addresses (uaddrs). The unused helper function mshv_partition_region_by_uaddr() is also removed. Users should apply the latest kernel updates to address this vulnerability [1].
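The following is an added illustration, not code from the Linux kernel or the mshv driver: a user-space C model of the flawed endpoint-only check beside the corrected range intersection check described above, exercised on a constructed region that fully contains an existing one. The struct layout, field names, and the sample gfn/uaddr values are assumptions for the example; the real driver's data structures and error handling differ.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1ULL << PAGE_SHIFT)

/* Illustrative model of a guest memory region: nr_pages pages starting at
 * guest frame number start_gfn, backed by user memory at start_uaddr.
 * Field names are assumptions for this example, not the kernel's layout. */
struct region {
    uint64_t start_gfn;
    uint64_t nr_pages;
    uint64_t start_uaddr;   /* page-aligned user address of the first page */
};

/* Inclusive last gfn / last uaddr byte of a region. */
static uint64_t region_last_gfn(const struct region *r)
{
    return r->start_gfn + r->nr_pages - 1;
}

static uint64_t region_last_uaddr(const struct region *r)
{
    return r->start_uaddr + r->nr_pages * PAGE_SIZE - 1;
}

/* Flawed check, in the spirit of the logic the commit replaces: it only
 * asks whether the candidate's first or last gfn lands inside an existing
 * region. A candidate that starts before and ends after an existing region
 * has neither endpoint inside it and is accepted. */
static bool overlaps_endpoints_only(const struct region *existing, size_t n,
                                    const struct region *cand)
{
    uint64_t cand_last = region_last_gfn(cand);
    for (size_t i = 0; i < n; i++) {
        const struct region *r = &existing[i];
        bool start_inside = cand->start_gfn >= r->start_gfn &&
                            cand->start_gfn <= region_last_gfn(r);
        bool end_inside   = cand_last >= r->start_gfn &&
                            cand_last <= region_last_gfn(r);
        if (start_inside || end_inside)
            return true;
    }
    return false;
}

/* Closed ranges [a0, a1] and [b0, b1] intersect iff a0 <= b1 && b0 <= a1. */
static bool ranges_intersect(uint64_t a0, uint64_t a1, uint64_t b0, uint64_t b1)
{
    return a0 <= b1 && b0 <= a1;
}

/* Corrected check: a range intersection test on both gfns and uaddrs,
 * evaluated against every existing region. */
static bool overlaps_ranges(const struct region *existing, size_t n,
                            const struct region *cand)
{
    for (size_t i = 0; i < n; i++) {
        const struct region *r = &existing[i];
        if (ranges_intersect(cand->start_gfn, region_last_gfn(cand),
                             r->start_gfn, region_last_gfn(r)))
            return true;
        if (ranges_intersect(cand->start_uaddr, region_last_uaddr(cand),
                             r->start_uaddr, region_last_uaddr(r)))
            return true;
    }
    return false;
}

/* Constructed scenario (assumed values): one existing region covering gfns
 * [0x1000, 0x10ff]; the candidate covers gfns [0x0f00, 0x11ff], fully
 * containing it, with a disjoint uaddr range so only the gfn test matters. */
static const struct region existing_regions[] = {
    { .start_gfn = 0x1000, .nr_pages = 0x100, .start_uaddr = 0x7f0000000000ULL },
};
static const struct region containing_region = {
    .start_gfn = 0x0f00, .nr_pages = 0x300, .start_uaddr = 0x7f1000000000ULL,
};

/* What the flawed check reports for the containing candidate (false). */
bool flawed_check_detects_containment(void)
{
    return overlaps_endpoints_only(existing_regions, 1, &containing_region);
}

/* What the corrected check reports for the same candidate (true). */
bool fixed_check_detects_containment(void)
{
    return overlaps_ranges(existing_regions, 1, &containing_region);
}

/* A candidate sharing no gfn with the existing region but reusing part of
 * its backing user memory: missed by the old check, caught by the fix
 * because the fix also intersects uaddr ranges. */
bool fixed_check_detects_uaddr_reuse(void)
{
    struct region cand = { .start_gfn = 0x5000, .nr_pages = 0x10,
                           .start_uaddr = 0x7f0000000000ULL + 0x20 * PAGE_SIZE };
    return !overlaps_endpoints_only(existing_regions, 1, &cand) &&
            overlaps_ranges(existing_regions, 1, &cand);
}

int main(void)
{
    printf("containment: flawed=%d fixed=%d\n",
           flawed_check_detects_containment(), fixed_check_detects_containment());
    printf("uaddr reuse caught only by fix: %d\n", fixed_check_detects_uaddr_reuse());
    return 0;
}
```

The second scenario is included to show why the fix intersects uaddrs as well as gfns: two regions can be disjoint in guest physical space yet map the same user pages, which the endpoint-only gfn test can never flag.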
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0 (no patches discovered yet)
References: 3
News mentions: 0 (no linked articles in the index yet)