KVM Vulnerability in Linux Kernel Affecting Arm64 Architecture
CVE-2025-40184

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 12 November 2025

What is CVE-2025-40184?

A vulnerability in the Linux kernel's KVM module affects the Arm64 architecture. When transparent huge pages are used with CONFIG_NVHE_EL2_DEBUG enabled, the debug check in assert_host_shared_guest() can fail during the launch of a non-persistent guest (np-guest). The failure trips a WARN_ON() assertion, which causes a kernel panic. The debug check incorrectly assumes that the memory mapping is a single page, when it may be a block map. The fix modifies the check so that it handles mappings of different sizes.

Affected Version(s)

Linux f28f1d02f4eaac05c2ad6bf7264a8696dc21d011 < 4f7af3d8a1177c807d1f2563c7c171700b020656

Linux f28f1d02f4eaac05c2ad6bf7264a8696dc21d011 < 2ba972bf71cb71d2127ec6c3db1ceb6dd0c73173

Linux 6.16
