Description

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If kvm_arch_vcpu_create() fails to share the vCPU page with the hypervisor, we propagate the error back to the ioctl but leave the vGIC vCPU data initialised. Note only does this leak the corresponding memory when the vCPU is destroyed but it can also lead to use-after-free if the redistributor device handling tries to walk into the vCPU. Add the missing cleanup to kvm_arch_vcpu_create(), ensuring that the vGIC vCPU structures are destroyed on error.

INFO

Published Date :

2025-05-09T06:41:56.874Z

Last Modified :

2025-12-20T08:51:43.143Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-37849 vulnerability.

Vendors Products
Debian
  • Debian Linux
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-37849.

URL Resource
https://git.kernel.org/stable/c/07476e0d932afc53c05468076393ac35d0b4999e cve-icon cve-icon
https://git.kernel.org/stable/c/2480326eba8ae9ccc5e4c3c2dc8d407db68e3c52 cve-icon cve-icon
https://git.kernel.org/stable/c/250f25367b58d8c65a1b060a2dda037eea09a672 cve-icon cve-icon
https://git.kernel.org/stable/c/5085e02362b9948f82fceca979b8f8e12acb1cc5 cve-icon cve-icon
https://git.kernel.org/stable/c/c322789613407647a05ff5c451a7bf545fb34e73 cve-icon cve-icon
https://git.kernel.org/stable/c/f1e9087abaeedec9bf2894a282ee4f0d8383f299 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html cve-icon
https://lore.kernel.org/linux-cve-announce/2025050918-CVE-2025-37849-2a30@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-37849 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-37849 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact