Executive Summary

Information

Name: CVE-2025-37849
First vendor publication: 2025-05-09
Vendor: Cve
Last vendor modification: 2025-05-12

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA

Security-Database Scoring CVSS v2

CVSS vector:
CVSS base score: N/A
Attack range: N/A
CVSS impact score: N/A
Attack complexity: N/A
CVSS exploit score: N/A
Authentication: N/A

Detail

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Tear down vGIC on failed vCPU creation

If kvm_arch_vcpu_create() fails to share the vCPU page with the hypervisor, we propagate the error back to the ioctl but leave the vGIC vCPU data initialised. Not only does this leak the corresponding memory when the vCPU is destroyed but it can also lead to use-after-free if the redistributor device handling tries to walk into the vCPU.

Add the missing cleanup to kvm_arch_vcpu_create(), ensuring that the vGIC vCPU structures are destroyed on error.
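
The error-path pattern described above, as an added example that is not the kernel's code or the upstream patch: a user-space model in which every name (rdist_table, vgic_vcpu_init, share_vcpu_page, the with_fix switch) is hypothetical. It assumes the vCPU memory is freed after a failed create, and it only counts stale references without dereferencing them.

```c
/* Added user-space model with hypothetical names; not kernel code. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_VCPUS 4
struct vcpu { int id; };

/* Stands in for vGIC state that redistributor handling later walks. */
static struct vcpu *rdist_table[MAX_VCPUS];
static int rdist_count;             /* entries a later walk would visit */

static void vgic_vcpu_init(struct vcpu *v)
{
    rdist_table[v->id] = v;         /* vGIC data now references the vCPU */
    rdist_count++;
}

static void vgic_vcpu_destroy(struct vcpu *v)
{
    rdist_table[v->id] = NULL;
    rdist_count--;
}

/* Models sharing the vCPU page; share_ok = false forces the failure. */
static int share_vcpu_page(bool share_ok) { return share_ok ? 0 : -1; }

/* Assumption: after a failed create the vCPU memory is freed. */
static int vcpu_create(int id, bool share_ok, bool with_fix)
{
    struct vcpu *v = (id >= 0 && id < MAX_VCPUS) ? calloc(1, sizeof(*v)) : NULL;
    if (!v) return -1;
    v->id = id;
    vgic_vcpu_init(v);
    if (share_vcpu_page(share_ok) != 0) {
        if (with_fix)
            vgic_vcpu_destroy(v);   /* the cleanup the fix adds */
        free(v);                    /* unfixed: rdist_table[id] now dangles */
        return -1;
    }
    return 0;
}

static int rdist_entries(void) { return rdist_count; }

int main(void)
{
    vcpu_create(0, false, false);   /* unfixed path leaves one stale entry */
    printf("stale entries, unfixed: %d\n", rdist_entries());
    return 0;
}
```
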

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37849

Sources (Detail)

https://git.kernel.org/stable/c/07476e0d932afc53c05468076393ac35d0b4999e
https://git.kernel.org/stable/c/2480326eba8ae9ccc5e4c3c2dc8d407db68e3c52
https://git.kernel.org/stable/c/250f25367b58d8c65a1b060a2dda037eea09a672
https://git.kernel.org/stable/c/5085e02362b9948f82fceca979b8f8e12acb1cc5
https://git.kernel.org/stable/c/c322789613407647a05ff5c451a7bf545fb34e73
https://git.kernel.org/stable/c/f1e9087abaeedec9bf2894a282ee4f0d8383f299

Alert History

Date: 2025-05-27 02:57:29
Information: First insertion