CVE-2025-37849

Source
https://cve.org/CVERecord?id=CVE-2025-37849
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37849.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-37849
Published
2025-05-09T06:41:56.874Z
Modified
2026-03-20T12:42:30.519135Z
Summary
KVM: arm64: Tear down vGIC on failed vCPU creation
Details

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Tear down vGIC on failed vCPU creation

If kvm_arch_vcpu_create() fails to share the vCPU page with the hypervisor, we propagate the error back to the ioctl but leave the vGIC vCPU data initialised. Not only does this leak the corresponding memory when the vCPU is destroyed but it can also lead to use-after-free if the redistributor device handling tries to walk into the vCPU.

Add the missing cleanup to kvm_arch_vcpu_create(), ensuring that the vGIC vCPU structures are destroyed on error.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37849.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6211753fdfd05af9e08f54c8d0ba3ee516034878
Fixed
07476e0d932afc53c05468076393ac35d0b4999e
Fixed
5085e02362b9948f82fceca979b8f8e12acb1cc5
Fixed
c322789613407647a05ff5c451a7bf545fb34e73
Fixed
2480326eba8ae9ccc5e4c3c2dc8d407db68e3c52
Fixed
f1e9087abaeedec9bf2894a282ee4f0d8383f299
Fixed
250f25367b58d8c65a1b060a2dda037eea09a672

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37849.json"