CVE-2025-37885

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reset IRTE to host control if *new* route isn't postable Restore an IRTE back to host control (remapped or posted MSI mode) if the *new* GSI route prevents posting the IRQ directly to a vCPU, regardless of the GSI routing type. Updating the IRTE if and only if the new GSI is an MSI results in KVM leaving an IRTE posting to a vCPU. The dangling IRTE can result in interrupts being incorrectly delivered to the guest, and in the worst case scenario can result in use-after-free, e.g. if the VM is torn down, but the underlying host IRQ isn't freed.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/023816bd5fa46fab94d1e7917fe131b79ed1fb41	Patch
https://git.kernel.org/stable/c/116c7d35b8f72eac383b9fd371d7c1a8ffc2968b	Patch
https://git.kernel.org/stable/c/3066ec21d1a33896125747f68638725f456308db	Patch
https://git.kernel.org/stable/c/3481fd96d801715942b6f69fe251133128156f30	Patch
https://git.kernel.org/stable/c/9bcac97dc42d2f4da8229d18feb0fe2b1ce523a2	Patch
https://git.kernel.org/stable/c/b5de7ac74f69603ad803c524b840bffd36368fc3	Patch
https://git.kernel.org/stable/c/e5f2dee9f7fcd2ff4b97869f3c66a0d89c167769	Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.15:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.15:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.15:rc3::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

12 Nov 2025, 19:36

Type	Values Removed	Values Added
CWE		CWE-416
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
References	~~() https://git.kernel.org/stable/c/023816bd5fa46fab94d1e7917fe131b79ed1fb41 -~~	() https://git.kernel.org/stable/c/023816bd5fa46fab94d1e7917fe131b79ed1fb41 - Patch
References	~~() https://git.kernel.org/stable/c/116c7d35b8f72eac383b9fd371d7c1a8ffc2968b -~~	() https://git.kernel.org/stable/c/116c7d35b8f72eac383b9fd371d7c1a8ffc2968b - Patch
References	~~() https://git.kernel.org/stable/c/3066ec21d1a33896125747f68638725f456308db -~~	() https://git.kernel.org/stable/c/3066ec21d1a33896125747f68638725f456308db - Patch
References	~~() https://git.kernel.org/stable/c/3481fd96d801715942b6f69fe251133128156f30 -~~	() https://git.kernel.org/stable/c/3481fd96d801715942b6f69fe251133128156f30 - Patch
References	~~() https://git.kernel.org/stable/c/9bcac97dc42d2f4da8229d18feb0fe2b1ce523a2 -~~	() https://git.kernel.org/stable/c/9bcac97dc42d2f4da8229d18feb0fe2b1ce523a2 - Patch
References	~~() https://git.kernel.org/stable/c/b5de7ac74f69603ad803c524b840bffd36368fc3 -~~	() https://git.kernel.org/stable/c/b5de7ac74f69603ad803c524b840bffd36368fc3 - Patch
References	~~() https://git.kernel.org/stable/c/e5f2dee9f7fcd2ff4b97869f3c66a0d89c167769 -~~	() https://git.kernel.org/stable/c/e5f2dee9f7fcd2ff4b97869f3c66a0d89c167769 - Patch
References	~~() https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html -~~	() https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html - Mailing List, Third Party Advisory
References	~~() https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html -~~	() https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html - Mailing List, Third Party Advisory
First Time		Linux linux Kernel Debian Debian debian Linux Linux
CPE		cpe:2.3:o:linux:linux_kernel:6.15:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.15:rc3:::::: cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.15:rc2::::::

03 Nov 2025, 20:18

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html - () https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html -

Information

Published : 2025-05-09 07:16

Updated : 2025-11-12 19:36

NVD link : CVE-2025-37885

Mitre link : CVE-2025-37885

CVE.ORG link : CVE-2025-37885

JSON object : View

Products Affected

linux

linux_kernel

debian

debian_linux

CWE

CWE-416

Use After Free

7.8 /10