CVE-2025-37819

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-37819
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37819.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-37819
Downstream
Related
Published
2025-05-08T07:15:53Z
Modified
2025-08-13T00:00:22Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

irqchip/gic-v2m: Prevent use after free of gicv2mgetfwnode()

With ACPI in place, gicv2mgetfwnode() is registered with the pci subsystem as pcimsigetfwnodecb(), which may get invoked at runtime during a PCI host bridge probe. But, the call back is wrongly marked as __init, causing it to be freed, while being registered with the PCI subsystem and could trigger:

Unable to handle kernel paging request at virtual address ffff8000816c0400 gicv2mgetfwnode+0x0/0x58 (P) pcisetbusmsidomain+0x74/0x88 pciregisterhost_bridge+0x194/0x548

This is easily reproducible on a Juno board with ACPI boot.

Retain the function for later use.

References

Affected packages