In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort()
Commit fce886a60207 ("KVM: arm64: Plumb the pKVM MMU in KVM") made the
initialization of the local memcache variable in user_mem_abort()
conditional, leaving a codepath where it is used uninitialized via
kvm_pgtable_stage2_map().
This can fail on any path that requires a stage-2 allocation
without transition via a permission fault or dirty logging.
Fix this by making sure that memcache is always valid.
References
Configurations
Configuration 1 (hide)
|
History
14 Nov 2025, 16:58
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://git.kernel.org/stable/c/157dbc4a321f5bb6f8b6c724d12ba720a90f1a7c - Patch | |
| References | () https://git.kernel.org/stable/c/a26d50f8a4a5049e956984797b5d0dedea4bbb18 - Patch | |
| CPE | cpe:2.3:o:linux:linux_kernel:6.15:rc5:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.15:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.15:rc4:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
| First Time |
Linux linux Kernel
Linux |
|
| CWE | CWE-908 |
Information
Published : 2025-05-29 14:15
Updated : 2025-11-14 16:58
NVD link : CVE-2025-37996
Mitre link : CVE-2025-37996
CVE.ORG link : CVE-2025-37996
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-908
Use of Uninitialized Resource