Acknowledged
Created: May 13, 2025
Updated: May 14, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Tear down vGIC on failed vCPU creation

If kvm_arch_vcpu_create() fails to share the vCPU page with the hypervisor, we propagate the error back to the ioctl but leave the vGIC vCPU data initialised. Not only does this leak the corresponding memory when the vCPU is destroyed but it can also lead to use-after-free if the redistributor device handling tries to walk into the vCPU.

Add the missing cleanup to kvm_arch_vcpu_create(), ensuring that the vGIC vCPU structures are destroyed on error.
CREATE(Triage):(User=myu2) [CVE-2025-37849 (https://nvd.nist.gov/vuln/detail/CVE-2025-37849)]