CVE-2025-21779
- Source
- https://cve.org/CVERecord?id=CVE-2025-21779
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21779.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-21779
- Downstream
- Related
- Published
- 2025-02-27T02:18:23.001Z
- Modified
- 2026-03-20T12:41:10.112222Z
- Summary
- KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel
Advertise support for Hyper-V's SENDIPI and SENDIPIEX hypercalls if and only if the local API is emulated/virtualized by KVM, and explicitly reject said hypercalls if the local APIC is emulated in userspace, i.e. don't rely on userspace to opt-in to KVMCAPHYPERVENFORCE_CPUID.
Rejecting SENDIPI and SENDIPI_EX fixes a NULL-pointer dereference if Hyper-V enlightenments are exposed to the guest without an in-kernel local APIC:
dump_stack+0xbe/0xfd __kasanreport.cold+0x34/0x84 kasanreport+0x3a/0x50 __apicacceptirq+0x3a/0x5c0 kvmhvsend_ipi.isra.0+0x34e/0x820 kvmhvhypercall+0x8d9/0x9d0 kvmemulatehypercall+0x506/0x7e0 __vmxhandleexit+0x283/0xb60 vmx_handleexit+0x1d/0xd0 vcpuenterguest+0x16b0/0x24c0 vcpurun+0xc0/0x550 kvmarchvcpuioctlrun+0x170/0x6d0 kvmvcpuioctl+0x413/0xb20 __sesysioctl+0x111/0x160 dosyscal164+0x30/0x40 entrySYSCALL64afterhwframe+0x67/0xd1
Note, checking the sending vCPU is sufficient, as the per-VM irqchip_mode can't be modified after vCPUs are created, i.e. if one vCPU has an in-kernel local APIC, then all vCPUs have an in-kernel local APIC.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21779.json" }- References
-
- https://git.kernel.org/stable/c/45fa526b0f5a34492ed0536c3cdf88b78380e4de
- https://git.kernel.org/stable/c/5393cf22312418262679eaadb130d608c75fe690
- https://git.kernel.org/stable/c/61224533f2b61e252b03e214195d27d64b22989a
- https://git.kernel.org/stable/c/874ff13c73c45ecb38cb82191e8c1d523f0dc81b
- https://git.kernel.org/stable/c/a8de7f100bb5989d9c3627d3a223ee1c863f3b69
- https://git.kernel.org/stable/c/aca8be4403fb90db7adaf63830e27ebe787a76e8
- https://git.kernel.org/stable/c/ca29f58ca374c40a0e69c5306fc5c940a0069074
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21779.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-21779
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced214ff83d4473a7757fa18a64dc7efe3b0e158486Fixed61224533f2b61e252b03e214195d27d64b22989aFixed45fa526b0f5a34492ed0536c3cdf88b78380e4deFixed5393cf22312418262679eaadb130d608c75fe690Fixed874ff13c73c45ecb38cb82191e8c1d523f0dc81bFixedaca8be4403fb90db7adaf63830e27ebe787a76e8Fixedca29f58ca374c40a0e69c5306fc5c940a0069074Fixeda8de7f100bb5989d9c3627d3a223ee1c863f3b69