{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-21779","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-12-29T08:45:45.764Z","datePublished":"2025-02-27T02:18:23.001Z","dateUpdated":"2025-11-03T20:59:24.679Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T07:21:00.210Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel\n\nAdvertise support for Hyper-V's SEND_IPI and SEND_IPI_EX hypercalls if and\nonly if the local API is emulated/virtualized by KVM, and explicitly reject\nsaid hypercalls if the local APIC is emulated in userspace, i.e. don't rely\non userspace to opt-in to KVM_CAP_HYPERV_ENFORCE_CPUID.\n\nRejecting SEND_IPI and SEND_IPI_EX fixes a NULL-pointer dereference if\nHyper-V enlightenments are exposed to the guest without an in-kernel local\nAPIC:\n\n  dump_stack+0xbe/0xfd\n  __kasan_report.cold+0x34/0x84\n  kasan_report+0x3a/0x50\n  __apic_accept_irq+0x3a/0x5c0\n  kvm_hv_send_ipi.isra.0+0x34e/0x820\n  kvm_hv_hypercall+0x8d9/0x9d0\n  kvm_emulate_hypercall+0x506/0x7e0\n  __vmx_handle_exit+0x283/0xb60\n  vmx_handle_exit+0x1d/0xd0\n  vcpu_enter_guest+0x16b0/0x24c0\n  vcpu_run+0xc0/0x550\n  kvm_arch_vcpu_ioctl_run+0x170/0x6d0\n  kvm_vcpu_ioctl+0x413/0xb20\n  __se_sys_ioctl+0x111/0x160\n  do_syscal1_64+0x30/0x40\n  entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nNote, checking the sending vCPU is sufficient, as the per-VM irqchip_mode\ncan't be modified after vCPUs are created, i.e. if one vCPU has an\nin-kernel local APIC, then all vCPUs have an in-kernel local APIC."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/x86/kvm/hyperv.c"],"versions":[{"version":"214ff83d4473a7757fa18a64dc7efe3b0e158486","lessThan":"61224533f2b61e252b03e214195d27d64b22989a","status":"affected","versionType":"git"},{"version":"214ff83d4473a7757fa18a64dc7efe3b0e158486","lessThan":"45fa526b0f5a34492ed0536c3cdf88b78380e4de","status":"affected","versionType":"git"},{"version":"214ff83d4473a7757fa18a64dc7efe3b0e158486","lessThan":"5393cf22312418262679eaadb130d608c75fe690","status":"affected","versionType":"git"},{"version":"214ff83d4473a7757fa18a64dc7efe3b0e158486","lessThan":"874ff13c73c45ecb38cb82191e8c1d523f0dc81b","status":"affected","versionType":"git"},{"version":"214ff83d4473a7757fa18a64dc7efe3b0e158486","lessThan":"aca8be4403fb90db7adaf63830e27ebe787a76e8","status":"affected","versionType":"git"},{"version":"214ff83d4473a7757fa18a64dc7efe3b0e158486","lessThan":"ca29f58ca374c40a0e69c5306fc5c940a0069074","status":"affected","versionType":"git"},{"version":"214ff83d4473a7757fa18a64dc7efe3b0e158486","lessThan":"a8de7f100bb5989d9c3627d3a223ee1c863f3b69","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/x86/kvm/hyperv.c"],"versions":[{"version":"4.20","status":"affected"},{"version":"0","lessThan":"4.20","status":"unaffected","versionType":"semver"},{"version":"5.10.236","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.179","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.129","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.79","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.16","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.13.4","lessThanOrEqual":"6.13.*","status":"unaffected","versionType":"semver"},{"version":"6.14","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.10.236"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.15.179"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"6.1.129"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"6.6.79"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"6.12.16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"6.13.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"6.14"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/61224533f2b61e252b03e214195d27d64b22989a"},{"url":"https://git.kernel.org/stable/c/45fa526b0f5a34492ed0536c3cdf88b78380e4de"},{"url":"https://git.kernel.org/stable/c/5393cf22312418262679eaadb130d608c75fe690"},{"url":"https://git.kernel.org/stable/c/874ff13c73c45ecb38cb82191e8c1d523f0dc81b"},{"url":"https://git.kernel.org/stable/c/aca8be4403fb90db7adaf63830e27ebe787a76e8"},{"url":"https://git.kernel.org/stable/c/ca29f58ca374c40a0e69c5306fc5c940a0069074"},{"url":"https://git.kernel.org/stable/c/a8de7f100bb5989d9c3627d3a223ee1c863f3b69"}],"title":"KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T20:59:24.679Z"}}]}}