CVE-2025-37996

KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort()

Published: 5/29/2025 Last updated: 5/11/2026 Reserved: 4/16/2025

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort() Commit fce886a60207 ("KVM: arm64: Plumb the pKVM MMU in KVM") made the initialization of the local memcache variable in user_mem_abort() conditional, leaving a codepath where it is used uninitialized via kvm_pgtable_stage2_map(). This can fail on any path that requires a stage-2 allocation without transition via a permission fault or dirty logging. Fix this by making sure that memcache is always valid.

CNA assigner: Linux (416baaa9-dc9f-4396-8d5f-8c081fb06d67) Requested by: n/a

Opam packages affected (29)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes ortools_solvers orun rawlink rawlink-eio rawlink-lwt restricted shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (4)

Product	Vendor	Version
Linux	Linux	n/a
Linux	Linux	Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1.
Linux	Linux	12.1.3
Linux	Linux	12.2.3

CVE-2025-37996

KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort()

Opam packages affected (29)

Products affected (4)

References (4)