Description

In the Linux kernel, the following vulnerability has been resolved: xen/events: Return -EEXIST for bound VIRQs Change find_virq() to return -EEXIST when a VIRQ is bound to a different CPU than the one passed in. With that, remove the BUG_ON() from bind_virq_to_irq() to propogate the error upwards. Some VIRQs are per-cpu, but others are per-domain or global. Those must be bound to CPU0 and can then migrate elsewhere. The lookup for per-domain and global will probably fail when migrated off CPU 0, especially when the current CPU is tracked. This now returns -EEXIST instead of BUG_ON(). A second call to bind a per-domain or global VIRQ is not expected, but make it non-fatal to avoid trying to look up the irq, since we don't know which per_cpu(virq_to_irq) it will be in.

INFO

Published Date :

2025-11-12T10:24:36.429Z

Last Modified :

2026-01-02T15:33:05.136Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-40160 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-40160.

URL Resource
https://git.kernel.org/stable/c/07ce121d93a5e5fb2440a24da3dbf408fcee978e cve-icon cve-icon
https://git.kernel.org/stable/c/612ef6056855c0aacb9b25d1d853c435754483f7 cve-icon cve-icon
https://git.kernel.org/stable/c/a1e7f07ae6b594f1ba5be46c6125b43bc505c5aa cve-icon cve-icon
https://git.kernel.org/stable/c/f81db055a793eca9d05f79658ff62adafb41d664 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025111239-CVE-2025-40160-b13a@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-40160 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-40160 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact