CVE-2025-37849

KVM: arm64: Tear down vGIC on failed vCPU creation

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MITRE

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If kvm_arch_vcpu_create() fails to share the vCPU page with the
hypervisor, we propagate the error back to the ioctl but leave the
vGIC vCPU data initialised. Note only does this leak the corresponding
memory when the vCPU is destroyed but it can also lead to use-after-free
if the redistributor device handling tries to walk into the vCPU. Add the missing cleanup to kvm_arch_vcpu_create(), ensuring that the
vGIC vCPU structures are destroyed on error.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-04-16 CVE Reserved
2025-05-09 CVE Published
2025-05-09 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/07476e0d932afc53c05468076393ac35d0b4999e	2025-04-25
https://git.kernel.org/stable/c/5085e02362b9948f82fceca979b8f8e12acb1cc5	2025-04-25
https://git.kernel.org/stable/c/c322789613407647a05ff5c451a7bf545fb34e73	2025-04-20
https://git.kernel.org/stable/c/2480326eba8ae9ccc5e4c3c2dc8d407db68e3c52	2025-04-20
https://git.kernel.org/stable/c/f1e9087abaeedec9bf2894a282ee4f0d8383f299	2025-04-20
https://git.kernel.org/stable/c/250f25367b58d8c65a1b060a2dda037eea09a672	2025-03-18

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.135 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.135"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.6.88 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.88"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.12.24 Search vendor "Linux" for product "Linux Kernel" and version " < 6.12.24"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.13.12 Search vendor "Linux" for product "Linux Kernel" and version " < 6.13.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.14.3 Search vendor "Linux" for product "Linux Kernel" and version " < 6.14.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.15-rc1 Search vendor "Linux" for product "Linux Kernel" and version " < 6.15-rc1"		en		Affected