CVE-2025-37996

Summary

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort()

Commit fce886a60207 ("KVM: arm64: Plumb the pKVM MMU in KVM") made the initialization of the local memcache variable in user_mem_abort() conditional, leaving a codepath where it is used uninitialized via kvm_pgtable_stage2_map().

This can fail on any path that requires a stage-2 allocation without transition via a permission fault or dirty logging.

Fix this by making sure that memcache is always valid.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxfce886a6020734d6253c2c5a3bc285e385cc5496 < a26d50f8a4a5049e956984797b5d0dedea4bbb18affected
LinuxLinuxfce886a6020734d6253c2c5a3bc285e385cc5496 < 157dbc4a321f5bb6f8b6c724d12ba720a90f1a7caffected
LinuxLinux6.14affected
LinuxLinux0 < 6.14unaffected
LinuxLinux6.14.7 <= 6.14.*unaffected
LinuxLinux6.15 <= *unaffected

Weaknesses

References