NACK: [SRU][J][PATCH 0/1] CVE-2025-37849

Massimiliano Pellizzer massimiliano.pellizzer at canonical.com
Fri Feb 6 11:23:36 UTC 2026


On Fri, 6 Feb 2026 at 10:08, Manuel Diewald
<manuel.diewald at canonical.com> wrote:
>
> On Thu, Feb 05, 2026 at 03:56:15PM +0100, Massimiliano Pellizzer wrote:
> > [ Impact ]
> >
> > KVM: arm64: Tear down vGIC on failed vCPU creation
> >
> > If kvm_arch_vcpu_create() fails to share the vCPU page with the
> > hypervisor, we propagate the error back to the ioctl but leave the
> > vGIC vCPU data initialised. Not only does this leak the corresponding
> > memory when the vCPU is destroyed but it can also lead to use-after-free
> > if the redistributor device handling tries to walk into the vCPU.
> >
> > Add the missing cleanup to kvm_arch_vcpu_create(), ensuring that the
> > vGIC vCPU structures are destroyed on error.
> >
> > [ Fix ]
> >
> > Backport fix commit from mainline:
> > - 250f25367b58d KVM: arm64: Tear down vGIC on failed vCPU creation
> >
> > [ Test Plan ]
> >
> > Compile tested only.
> >
> > [ Regression Potential ]
> >
> > The regression potential is minimal. The patch affects only the arm64
> > error path when create_hyp_mappings() fails during vCPU creation.
> >
> >
> > Will Deacon (1):
> >   KVM: arm64: Tear down vGIC on failed vCPU creation
> >
> >  arch/arm64/kvm/arm.c | 6 +++++-
> >  1 file changed, 5 insertions(+), 1 deletion(-)
> >
> > --
> > 2.51.0
> >
> >
> > --
> > kernel-team mailing list
> > kernel-team at lists.ubuntu.com
> > https://lists.ubuntu.com/mailman/listinfo/kernel-team
>
> Acked-by: Manuel Diewald <manuel.diewald at canonical.com>
>
> --
>  Manuel

NACK because further investigation is required on some locking missing in 5.15


-- 
Massimiliano Pellizzer
