Linux Kernel KVM Vulnerability Affecting Interrupt Routing
CVE-2025-37885

Currently unrated

Key Information:

Vendor
Linux
Status
Linux
Vendor
CVE Published:
9 May 2025

Summary

In the Linux kernel, a vulnerability exists within the Kernel-based Virtual Machine (KVM) component related to interrupt routing. When a new route is not postable, the interrupt routing table entry (IRTE) is not reset to host control, potentially leading to incorrect delivery of interrupts to guest virtual machines. This can cause issues such as dangling IRTEs, which may result in severe consequences like use-after-free errors if the virtual machine is terminated while the host IRQ remains allocated. Proper handling of the IRTE is crucial to ensure reliable and secure virtual machine operations.

Affected Version(s)

Linux efc644048ecde54f016011fe10110addd0de348f

Linux efc644048ecde54f016011fe10110addd0de348f < 116c7d35b8f72eac383b9fd371d7c1a8ffc2968b

Linux efc644048ecde54f016011fe10110addd0de348f < 023816bd5fa46fab94d1e7917fe131b79ed1fb41

References

https://git.kernel.org/stable/c/e5f2dee9f7fcd2ff4b97869f3...
https://git.kernel.org/stable/c/116c7d35b8f72eac383b9fd37...
https://git.kernel.org/stable/c/023816bd5fa46fab94d1e7917...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-37885 : Linux Kernel KVM Vulnerability Affecting Interrupt Routing | SecurityVulnerability.io