CVE-2025-37819
Vulnerability Summary
Timeline
Description
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() With ACPI in place, gicv2m_get_fwnode() is registered with the pci subsystem as pci_msi_get_fwnode_cb(), which may get invoked at runtime during a PCI host bridge probe. But, the call back is wrongly marked as __init, causing it to be freed, while being registered with the PCI subsystem and could trigger: Unable to handle kernel paging request at virtual address ffff8000816c0400 gicv2m_get_fwnode+0x0/0x58 (P) pci_set_bus_msi_domain+0x74/0x88 pci_register_host_bridge+0x194/0x548 This is easily reproducible on a Juno board with ACPI boot. Retain the function for later use.
CVSS Metrics
- v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Trends
Current EPSS score: 0.08%• Percentile: 24%
Techniques & Countermeasures
- CWE-416•Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Affected Systems
- debian•debian_linux
11.0
- linux•linux
≥ 0644b3daca28dcb320373ae20069c269c9386304, < 0c241dedc43a036599757cd08f356253fa3e5014 | ≥ 0644b3daca28dcb320373ae20069c269c9386304, < b63de43af8d215b0499eac28b2caa4439183efc1 | ≥ 0644b3daca28dcb320373ae20069c269c9386304, < f95659affee301464f0d058d528d96b35b452da8 | ≥ 0644b3daca28dcb320373ae20069c269c9386304, < dc0d654eb4179b06d3206e4396d072108b9ba082 | ≥ 0644b3daca28dcb320373ae20069c269c9386304, < 2f2803e4b5e4df2b08d378deaab78b1681ef9b30 | ≥ 0644b3daca28dcb320373ae20069c269c9386304, < 3939d6f29d34cdb60e3f68b76e39e00a964a1d51 | ≥ 0644b3daca28dcb320373ae20069c269c9386304, < 47bee0081b483b077c7560bc5358ad101f89c8ef | ≥ 0644b3daca28dcb320373ae20069c269c9386304, < 3318dc299b072a0511d6dfd8367f3304fb6d9827 | 4.5
- linux•linux_kernel
≥ 4.5, < 5.4.294 | ≥ 5.5, < 5.10.238 | ≥ 5.11, < 5.15.182 | ≥ 5.16, < 6.1.138 | ≥ 6.2, < 6.6.89 | ≥ 6.7, < 6.12.26 | ≥ 6.13, < 6.14.5 | 6.15:rc1 | 6.15:rc2 | 6.15:rc3
References (10)
- https://git.kernel.org/stable/c/0c241dedc43a036599757cd08f356253fa3e5014
- https://git.kernel.org/stable/c/b63de43af8d215b0499eac28b2caa4439183efc1
- https://git.kernel.org/stable/c/f95659affee301464f0d058d528d96b35b452da8
- https://git.kernel.org/stable/c/dc0d654eb4179b06d3206e4396d072108b9ba082
- https://git.kernel.org/stable/c/2f2803e4b5e4df2b08d378deaab78b1681ef9b30
- https://git.kernel.org/stable/c/3939d6f29d34cdb60e3f68b76e39e00a964a1d51
- https://git.kernel.org/stable/c/47bee0081b483b077c7560bc5358ad101f89c8ef
- https://git.kernel.org/stable/c/3318dc299b072a0511d6dfd8367f3304fb6d9827
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html