PatchSiren cyber security CVE debrief
CVE-2025-71104 Linux CVE debrief
A medium-severity vulnerability, CVE-2025-71104, was found in the Linux kernel's KVM x86. This issue may cause a VM hard lockup after prolonged inactivity with a periodic HV timer. The vulnerability has been resolved through multiple kernel patches. Affected systems may experience hard lockups if not patched. The vulnerability primarily affects Intel CPUs using the HV timer. System administrators should apply patches to prevent potential VM hard lockups.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-14
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-01-14
- Advisory updated
- 2026-07-14
Who should care
System administrators and security teams managing Linux-based virtualization environments, especially those using KVM on Intel CPUs, should be aware of this vulnerability. Applying the necessary patches is crucial to prevent potential VM hard lockups. These teams should review their current configurations and ensure that all necessary mitigations are in place.
Technical summary
The vulnerability occurs in the KVM x86 implementation, specifically with the hypervisor timer (HV timer). When the target expiration for the guest's APIC timer in periodic mode is advanced, setting it to 'now' if the target expiration is in the past is crucial. Failing to do so can lead to KVM generating an unbounded number of hrtimer IRQs, potentially causing hard lockups in the host. This issue primarily affects Intel CPUs using the HV timer. The vulnerability has been resolved through multiple kernel patches.
Defensive priority
Apply patches to fix the KVM x86 vulnerability. Monitor VM activity and HV timer usage. Implement compensating controls for VMs with prolonged inactivity. Review and update virtualization environment configurations to ensure the security of the system.
Recommended defensive actions
- Apply kernel patches to address the vulnerability
- Monitor VM activity and HV timer usage
- Implement compensating controls for VMs with prolonged inactivity
- Review and update virtualization environment configurations
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
Evidence notes
The CVE record was published on 2026-01-14T15:15:59.423Z and last modified on 2026-07-14T13:18:03.120Z. Multiple patches have been applied to address this vulnerability. Evidence is limited, and defenders should verify the vulnerability's impact on their systems. The CVE record provides official details, but additional sources may offer further insights.
Official resources
-
CVE-2025-71104 CVE record
CVE.org
-
CVE-2025-71104 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-14T15:15:59.423Z and has not been modified since then.