ACK: [SRU][J][PATCH 0/1] CVE-2025-37849

Manuel Diewald manuel.diewald at canonical.com
Fri Feb 6 09:08:38 UTC 2026


On Thu, Feb 05, 2026 at 03:56:15PM +0100, Massimiliano Pellizzer wrote:
> [ Impact ]
> 
> KVM: arm64: Tear down vGIC on failed vCPU creation
> 
> If kvm_arch_vcpu_create() fails to share the vCPU page with the
> hypervisor, we propagate the error back to the ioctl but leave the
> vGIC vCPU data initialised. Not only does this leak the corresponding
> memory when the vCPU is destroyed but it can also lead to use-after-free
> if the redistributor device handling tries to walk into the vCPU.
> 
> Add the missing cleanup to kvm_arch_vcpu_create(), ensuring that the
> vGIC vCPU structures are destroyed on error.
> 
> [ Fix ]
> 
> Backport fix commit from mainline:
> - 250f25367b58d KVM: arm64: Tear down vGIC on failed vCPU creation
> 
> [ Test Plan ]
> 
> Compile tested only.
> 
> [ Regression Potential ]
> 
> The regression potential is minimal. The patch affects only the arm64
> error path when create_hyp_mappings() fails during vCPU creation.
> 
> 
> Will Deacon (1):
>   KVM: arm64: Tear down vGIC on failed vCPU creation
> 
>  arch/arm64/kvm/arm.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> -- 
> 2.51.0

Acked-by: Manuel Diewald <manuel.diewald at canonical.com>

-- 
 Manuel
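
The error-path pattern described in the quoted [ Impact ] text, as an added userspace model that is not part of this thread and not the kernel's code. Every name in it (gic_vcpu_init, share_page, rd_list, and so on) is hypothetical, and the list with a back-pointer to the vCPU is an assumption standing in for the redistributor handling that can "walk into the vCPU".

```c
#include <stdlib.h>

/* Userspace model only; every name below is hypothetical, not kernel code. */
struct vcpu;
struct redist { struct vcpu *owner; struct redist *next; };
struct vcpu { struct redist *rd; };

static struct redist *rd_list; /* walked by the "device" side */

static int gic_vcpu_init(struct vcpu *v)
{
    struct redist *rd = calloc(1, sizeof(*rd));
    if (!rd)
        return -1;
    rd->owner = v;          /* back-pointer that outlives a failed create */
    rd->next = rd_list;
    rd_list = rd;
    v->rd = rd;
    return 0;
}

static void gic_vcpu_destroy(struct vcpu *v)
{
    for (struct redist **p = &rd_list; *p; p = &(*p)->next)
        if (*p == v->rd) { *p = v->rd->next; break; }
    free(v->rd);
    v->rd = NULL;
}

/* Stand-in for the later step that can fail (sharing the vCPU page). */
static int share_page(int fail) { return fail ? -1 : 0; }

static int vcpu_create(struct vcpu *v, int fail_share, int with_fix)
{
    int err = gic_vcpu_init(v);
    if (err) return err;
    err = share_page(fail_share);
    if (err && with_fix)
        gic_vcpu_destroy(v); /* the cleanup the error path was missing */
    return err;
}

/* Entries still pointing at v; nonzero after a failed create is the bug. */
static int stale_refs(const struct vcpu *v)
{
    int n = 0;
    for (struct redist *rd = rd_list; rd; rd = rd->next)
        n += (rd->owner == v);
    return n;
}
```

Without the cleanup, a failed create returns the error but leaves one entry on the list that still points at the vCPU the caller is about to free; with it, the list is empty again.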