KVM Vulnerability in Linux Kernel Affecting Hyper-V Send IPI Hypercalls
CVE-2025-21779

5.5 MEDIUM

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 27 February 2025

What is CVE-2025-21779?

A vulnerability in the KVM component of the Linux kernel could allow malicious actors to exploit Hyper-V's SEND_IPI hypercalls. The flaw occurs when the local Advanced Programmable Interrupt Controller (APIC) is not properly managed, which can lead to system crashes or instability. The vulnerability is mitigated by advertising support for these hypercalls only when the local APIC is emulated by KVM. Administrators should ensure they are running an updated version of the Linux kernel to avoid exploitation of this flaw, which could expose systems to severe operational risks.

Affected Version(s)

Linux 214ff83d4473a7757fa18a64dc7efe3b0e158486 < 61224533f2b61e252b03e214195d27d64b22989a

Linux 214ff83d4473a7757fa18a64dc7efe3b0e158486 < 45fa526b0f5a34492ed0536c3cdf88b78380e4de

Linux 214ff83d4473a7757fa18a64dc7efe3b0e158486 < 5393cf22312418262679eaadb130d608c75fe690

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
