ACK: [SRU][J][PATCH 0/1] CVE-2025-37849

Benjamin Wheeler benjamin.wheeler at canonical.com
Thu Feb 5 20:43:59 UTC 2026


Acked-by: Benjamin Wheeler <benjamin.wheeler at canonical.com>

On Thu, Feb 5, 2026 at 9:57 AM Massimiliano Pellizzer <
massimiliano.pellizzer at canonical.com> wrote:

> [ Impact ]
>
> KVM: arm64: Tear down vGIC on failed vCPU creation
>
> If kvm_arch_vcpu_create() fails to share the vCPU page with the
> hypervisor, we propagate the error back to the ioctl but leave the
> vGIC vCPU data initialised. Not only does this leak the corresponding
> memory when the vCPU is destroyed but it can also lead to use-after-free
> if the redistributor device handling tries to walk into the vCPU.
>
> Add the missing cleanup to kvm_arch_vcpu_create(), ensuring that the
> vGIC vCPU structures are destroyed on error.
>
> [ Fix ]
>
> Backport fix commit from mainline:
> - 250f25367b58d KVM: arm64: Tear down vGIC on failed vCPU creation
>
> [ Test Plan ]
>
> Compile tested only.
>
> [ Regression Potential ]
>
> The regression potential is minimal. The patch affects only the arm64
> error path when create_hyp_mappings() fails during vCPU creation.
>
>
> Will Deacon (1):
>   KVM: arm64: Tear down vGIC on failed vCPU creation
>
>  arch/arm64/kvm/arm.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
>
> --
> 2.51.0