CVE-2025-37819
- Source
- https://cve.org/CVERecord?id=CVE-2025-37819
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37819.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-37819
- Downstream
- Related
- Published
- 2025-05-08T06:26:13.975Z
- Modified
- 2026-03-11T07:52:44.004715Z
- Summary
- irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
irqchip/gic-v2m: Prevent use after free of gicv2mgetfwnode()
With ACPI in place, gicv2mgetfwnode() is registered with the pci subsystem as pcimsigetfwnodecb(), which may get invoked at runtime during a PCI host bridge probe. But, the call back is wrongly marked as __init, causing it to be freed, while being registered with the PCI subsystem and could trigger:
Unable to handle kernel paging request at virtual address ffff8000816c0400 gicv2mgetfwnode+0x0/0x58 (P) pcisetbusmsidomain+0x74/0x88 pciregisterhost_bridge+0x194/0x548
This is easily reproducible on a Juno board with ACPI boot.
Retain the function for later use.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37819.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/0c241dedc43a036599757cd08f356253fa3e5014
- https://git.kernel.org/stable/c/2f2803e4b5e4df2b08d378deaab78b1681ef9b30
- https://git.kernel.org/stable/c/3318dc299b072a0511d6dfd8367f3304fb6d9827
- https://git.kernel.org/stable/c/3939d6f29d34cdb60e3f68b76e39e00a964a1d51
- https://git.kernel.org/stable/c/47bee0081b483b077c7560bc5358ad101f89c8ef
- https://git.kernel.org/stable/c/b63de43af8d215b0499eac28b2caa4439183efc1
- https://git.kernel.org/stable/c/dc0d654eb4179b06d3206e4396d072108b9ba082
- https://git.kernel.org/stable/c/f95659affee301464f0d058d528d96b35b452da8
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37819.json
- https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-37819
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0644b3daca28dcb320373ae20069c269c9386304Fixed0c241dedc43a036599757cd08f356253fa3e5014Fixedb63de43af8d215b0499eac28b2caa4439183efc1Fixedf95659affee301464f0d058d528d96b35b452da8Fixeddc0d654eb4179b06d3206e4396d072108b9ba082Fixed2f2803e4b5e4df2b08d378deaab78b1681ef9b30Fixed3939d6f29d34cdb60e3f68b76e39e00a964a1d51Fixed47bee0081b483b077c7560bc5358ad101f89c8efFixed3318dc299b072a0511d6dfd8367f3304fb6d9827