{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-40160","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T07:20:57.176Z","datePublished":"2025-11-12T10:24:36.429Z","dateUpdated":"2026-05-11T21:43:53.978Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:43:53.978Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxen/events: Return -EEXIST for bound VIRQs\n\nChange find_virq() to return -EEXIST when a VIRQ is bound to a\ndifferent CPU than the one passed in.  With that, remove the BUG_ON()\nfrom bind_virq_to_irq() to propogate the error upwards.\n\nSome VIRQs are per-cpu, but others are per-domain or global.  Those must\nbe bound to CPU0 and can then migrate elsewhere.  The lookup for\nper-domain and global will probably fail when migrated off CPU 0,\nespecially when the current CPU is tracked.  This now returns -EEXIST\ninstead of BUG_ON().\n\nA second call to bind a per-domain or global VIRQ is not expected, but\nmake it non-fatal to avoid trying to look up the irq, since we don't\nknow which per_cpu(virq_to_irq) it will be in."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/xen/events/events_base.c"],"versions":[{"version":"62cc5fc7b2e0218144e162afb8191db9b924b5e6","lessThan":"612ef6056855c0aacb9b25d1d853c435754483f7","status":"affected","versionType":"git"},{"version":"62cc5fc7b2e0218144e162afb8191db9b924b5e6","lessThan":"a1e7f07ae6b594f1ba5be46c6125b43bc505c5aa","status":"affected","versionType":"git"},{"version":"62cc5fc7b2e0218144e162afb8191db9b924b5e6","lessThan":"f81db055a793eca9d05f79658ff62adafb41d664","status":"affected","versionType":"git"},{"version":"62cc5fc7b2e0218144e162afb8191db9b924b5e6","lessThan":"07ce121d93a5e5fb2440a24da3dbf408fcee978e","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/xen/events/events_base.c"],"versions":[{"version":"3.2","status":"affected"},{"version":"0","lessThan":"3.2","status":"unaffected","versionType":"semver"},{"version":"6.6.113","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.54","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.17.4","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"6.6.113"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"6.12.54"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"6.17.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"6.18"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/612ef6056855c0aacb9b25d1d853c435754483f7"},{"url":"https://git.kernel.org/stable/c/a1e7f07ae6b594f1ba5be46c6125b43bc505c5aa"},{"url":"https://git.kernel.org/stable/c/f81db055a793eca9d05f79658ff62adafb41d664"},{"url":"https://git.kernel.org/stable/c/07ce121d93a5e5fb2440a24da3dbf408fcee978e"}],"title":"xen/events: Return -EEXIST for bound VIRQs","x_generator":{"engine":"bippy-1.2.0"}}}}