CVE-2025-21779

{"id": "CVE-2025-21779", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-02-27T03:15:18.690", "references": [{"url": "https://git.kernel.org/stable/c/45fa526b0f5a34492ed0536c3cdf88b78380e4de", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5393cf22312418262679eaadb130d608c75fe690", "tags": ["Mailing List", "Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/61224533f2b61e252b03e214195d27d64b22989a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/874ff13c73c45ecb38cb82191e8c1d523f0dc81b", "tags": ["Mailing List", "Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a8de7f100bb5989d9c3627d3a223ee1c863f3b69", "tags": ["Mailing List", "Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/aca8be4403fb90db7adaf63830e27ebe787a76e8", "tags": ["Mailing List", "Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ca29f58ca374c40a0e69c5306fc5c940a0069074", "tags": ["Mailing List", "Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel\n\nAdvertise support for Hyper-V's SEND_IPI and SEND_IPI_EX hypercalls if and\nonly if the local API is emulated/virtualized by KVM, and explicitly reject\nsaid hypercalls if the local APIC is emulated in userspace, i.e. don't rely\non userspace to opt-in to KVM_CAP_HYPERV_ENFORCE_CPUID.\n\nRejecting SEND_IPI and SEND_IPI_EX fixes a NULL-pointer dereference if\nHyper-V enlightenments are exposed to the guest without an in-kernel local\nAPIC:\n\n dump_stack+0xbe/0xfd\n __kasan_report.cold+0x34/0x84\n kasan_report+0x3a/0x50\n __apic_accept_irq+0x3a/0x5c0\n kvm_hv_send_ipi.isra.0+0x34e/0x820\n kvm_hv_hypercall+0x8d9/0x9d0\n kvm_emulate_hypercall+0x506/0x7e0\n __vmx_handle_exit+0x283/0xb60\n vmx_handle_exit+0x1d/0xd0\n vcpu_enter_guest+0x16b0/0x24c0\n vcpu_run+0xc0/0x550\n kvm_arch_vcpu_ioctl_run+0x170/0x6d0\n kvm_vcpu_ioctl+0x413/0xb20\n __se_sys_ioctl+0x111/0x160\n do_syscal1_64+0x30/0x40\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nNote, checking the sending vCPU is sufficient, as the per-VM irqchip_mode\ncan't be modified after vCPUs are created, i.e. if one vCPU has an\nin-kernel local APIC, then all vCPUs have an in-kernel local APIC."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: x86: Rechazar las hiperllamadas SEND_IPI de Hyper-V si la API local no est\u00e1 en el kernel Publicitar soporte para las hiperllamadas SEND_IPI y SEND_IPI_EX de Hyper-V si y solo si la API local es emulada/virtualizada por KVM, y rechazar expl\u00edcitamente dichas hiperllamadas si la API local es emulada en el espacio de usuario, es decir, no confiar en el espacio de usuario para optar por KVM_CAP_HYPERV_ENFORCE_CPUID. Rechazar SEND_IPI y SEND_IPI_EX corrige una desreferencia de puntero NULL si las iluminaciones de Hyper-V se exponen al invitado sin una APIC local en el n\u00facleo: dump_stack+0xbe/0xfd __kasan_report.cold+0x34/0x84 kasan_report+0x3a/0x50 __apic_accept_irq+0x3a/0x5c0 kvm_hv_send_ipi.isra.0+0x34e/0x820 kvm_hv_hypercall+0x8d9/0x9d0 kvm_emulate_hypercall+0x506/0x7e0 __vmx_handle_exit+0x283/0xb60 vmx_handle_exit+0x1d/0xd0 vcpu_enter_guest+0x16b0/0x24c0 vcpu_run+0xc0/0x550 kvm_arch_vcpu_ioctl_run+0x170/0x6d0 kvm_vcpu_ioctl+0x413/0xb20 __se_sys_ioctl+0x111/0x160 do_syscal1_64+0x30/0x40 entry_SYSCALL_64_after_hwframe+0x67/0xd1 Tenga en cuenta que comprobar la vCPU de env\u00edo es suficiente, ya que el irqchip_mode por VM no se puede modificar despu\u00e9s de crear las vCPU, es decir, si una vCPU tiene una APIC local en el n\u00facleo, entonces todas las vCPU tienen una APIC local en el n\u00facleo."}], "lastModified": "2025-11-03T21:19:09.173", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66824E11-1AC0-4B97-810E-0A96CEB5FA93", "versionEndExcluding": "6.1.129", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B16AADE5-B2FD-4C14-B4E4-85E8EDAFE775", "versionEndExcluding": "6.6.79", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13C8DB18-FC60-425F-84E5-3EDDEC61B2FC", "versionEndExcluding": "6.12.16", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A2093ED-74A9-43F9-AC72-50030F374EA4", "versionEndExcluding": "6.13.4", "versionStartIncluding": "6.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "186716B6-2B66-4BD0-852E-D48E71C0C85F"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D3E781C-403A-498F-9DA9-ECEE50F41E75"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}