ghsa-jrv2-7qh6-cgcr
Vulnerability from github
Published
2025-05-09 09:33
Modified
2025-05-09 09:33
VLAI Severity ?
Details
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: Reset IRTE to host control if new route isn't postable
Restore an IRTE back to host control (remapped or posted MSI mode) if the new GSI route prevents posting the IRQ directly to a vCPU, regardless of the GSI routing type. Updating the IRTE if and only if the new GSI is an MSI results in KVM leaving an IRTE posting to a vCPU.
The dangling IRTE can result in interrupts being incorrectly delivered to the guest, and in the worst case scenario can result in use-after-free, e.g. if the VM is torn down, but the underlying host IRQ isn't freed.
{ "affected": [], "aliases": [ "CVE-2025-37885" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-05-09T07:16:09Z", "severity": null }, "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Reset IRTE to host control if *new* route isn\u0027t postable\n\nRestore an IRTE back to host control (remapped or posted MSI mode) if the\n*new* GSI route prevents posting the IRQ directly to a vCPU, regardless of\nthe GSI routing type. Updating the IRTE if and only if the new GSI is an\nMSI results in KVM leaving an IRTE posting to a vCPU.\n\nThe dangling IRTE can result in interrupts being incorrectly delivered to\nthe guest, and in the worst case scenario can result in use-after-free,\ne.g. if the VM is torn down, but the underlying host IRQ isn\u0027t freed.", "id": "GHSA-jrv2-7qh6-cgcr", "modified": "2025-05-09T09:33:20Z", "published": "2025-05-09T09:33:20Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37885" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/023816bd5fa46fab94d1e7917fe131b79ed1fb41" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/116c7d35b8f72eac383b9fd371d7c1a8ffc2968b" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/3066ec21d1a33896125747f68638725f456308db" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/3481fd96d801715942b6f69fe251133128156f30" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/9bcac97dc42d2f4da8229d18feb0fe2b1ce523a2" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/b5de7ac74f69603ad803c524b840bffd36368fc3" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/e5f2dee9f7fcd2ff4b97869f3c66a0d89c167769" } ], "schema_version": "1.4.0", "severity": [] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…