Bug 2365279 (CVE-2025-37885) - CVE-2025-37885 kernel: KVM: x86: Reset IRTE to host control if *new* route isn't postable
Summary: CVE-2025-37885 kernel: KVM: x86: Reset IRTE to host control if *new* route is...
Keywords:
Status: NEW
Alias: CVE-2025-37885
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-05-09 07:03 UTC by OSIDB Bzimport
Modified: 2025-05-09 07:38 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-05-09 07:03:09 UTC 
In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Reset IRTE to host control if *new* route isn't postable

Restore an IRTE back to host control (remapped or posted MSI mode) if the
*new* GSI route prevents posting the IRQ directly to a vCPU, regardless of
the GSI routing type.  Updating the IRTE if and only if the new GSI is an
MSI results in KVM leaving an IRTE posting to a vCPU.

The dangling IRTE can result in interrupts being incorrectly delivered to
the guest, and in the worst case scenario can result in use-after-free,
e.g. if the VM is torn down, but the underlying host IRQ isn't freed.
Comment 1 Michal Findra 2025-05-09 07:33:35 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025050945-CVE-2025-37885-a5d9@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.