CVE-2025-40160

Change findvirq() to return -EEXIST when a VIRQ is bound to a different CPU than the one passed in. With that, remove the BUGON() from bindvirqto_irq() to propogate the error upwards.

Some VIRQs are per-cpu, but others are per-domain or global. Those must be bound to CPU0 and can then migrate elsewhere. The lookup for per-domain and global will probably fail when migrated off CPU 0, especially when the current CPU is tracked. This now returns -EEXIST instead of BUG_ON().

A second call to bind a per-domain or global VIRQ is not expected, but make it non-fatal to avoid trying to look up the irq, since we don't know which percpu(virqto_irq) it will be in.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40160.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

62cc5fc7b2e0218144e162afb8191db9b924b5e6

Fixed

612ef6056855c0aacb9b25d1d853c435754483f7

Fixed

a1e7f07ae6b594f1ba5be46c6125b43bc505c5aa

Fixed

f81db055a793eca9d05f79658ff62adafb41d664

Fixed

07ce121d93a5e5fb2440a24da3dbf408fcee978e

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40160.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.2.0

Fixed

6.6.113

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.54

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.17.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40160.json"