DROPPED: [SRU][J][PATCH 0/1] CVE-2025-37849
Edoardo Canepa
edoardo.canepa at canonical.com
Fri Feb 6 11:34:29 UTC 2026
Dropped from jammy:linux/master-next. Thanks.
On 2/5/26 15:56, Massimiliano Pellizzer wrote:
> [ Impact ]
>
> KVM: arm64: Tear down vGIC on failed vCPU creation
>
> If kvm_arch_vcpu_create() fails to share the vCPU page with the
> hypervisor, we propagate the error back to the ioctl but leave the
> vGIC vCPU data initialised. Note only does this leak the corresponding
> memory when the vCPU is destroyed but it can also lead to use-after-free
> if the redistributor device handling tries to walk into the vCPU.
>
> Add the missing cleanup to kvm_arch_vcpu_create(), ensuring that the
> vGIC vCPU structures are destroyed on error.
>
> [ Fix ]
>
> Backport fix commit from mainline:
> - 250f25367b58d KVM: arm64: Tear down vGIC on failed vCPU creation
>
> [ Test Plan ]
>
> Compile tested only.
>
> [ Regression Potential ]
>
> The regression potential is minimal. The patch affects only arm64
> error path when create_hyp_mappings() fails during vCPU creation.
>
>
> Will Deacon (1):
> KVM: arm64: Tear down vGIC on failed vCPU creation
>
> arch/arm64/kvm/arm.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x20F88172E14F6784.asc
Type: application/pgp-keys
Size: 3167 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20260206/5a875cfa/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20260206/5a875cfa/attachment.sig>
More information about the kernel-team
mailing list