THREATINT
PUBLISHED

CVE-2025-37849

KVM: arm64: Tear down vGIC on failed vCPU creation



Description

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Tear down vGIC on failed vCPU creation

If kvm_arch_vcpu_create() fails to share the vCPU page with the hypervisor, we propagate the error back to the ioctl but leave the vGIC vCPU data initialised. Not only does this leak the corresponding memory when the vCPU is destroyed but it can also lead to use-after-free if the redistributor device handling tries to walk into the vCPU.

Add the missing cleanup to kvm_arch_vcpu_create(), ensuring that the vGIC vCPU structures are destroyed on error.

Reserved 2025-04-16 | Published 2025-05-09 | Updated 2025-05-26 | Assigner Linux

Product status

Default status: unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 07476e0d932afc53c05468076393ac35d0b4999e: affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 5085e02362b9948f82fceca979b8f8e12acb1cc5: affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before c322789613407647a05ff5c451a7bf545fb34e73: affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 2480326eba8ae9ccc5e4c3c2dc8d407db68e3c52: affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before f1e9087abaeedec9bf2894a282ee4f0d8383f299: affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 250f25367b58d8c65a1b060a2dda037eea09a672: affected

Default status: affected

6.1.135: unaffected
6.6.88: unaffected
6.12.24: unaffected
6.13.12: unaffected
6.14.3: unaffected
6.15: unaffected

References

git.kernel.org/...c/07476e0d932afc53c05468076393ac35d0b4999e

git.kernel.org/...c/5085e02362b9948f82fceca979b8f8e12acb1cc5

git.kernel.org/...c/c322789613407647a05ff5c451a7bf545fb34e73

git.kernel.org/...c/2480326eba8ae9ccc5e4c3c2dc8d407db68e3c52

git.kernel.org/...c/f1e9087abaeedec9bf2894a282ee4f0d8383f299

git.kernel.org/...c/250f25367b58d8c65a1b060a2dda037eea09a672

cve.org (CVE-2025-37849)

nvd.nist.gov (CVE-2025-37849)
