[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-40026":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":14,"duplicates":85,"related":86,"reserved_at":9,"published_at":91,"modified_at":92,"state":93,"summary":94,"references_raw":98,"kevs":137,"epss":138,"epss_history":141,"metrics":414,"affected":415},"CVE-2025-40026","In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Don't (re)check L1 intercepts when completing userspace I/O\n\nWhen completing emulation of instruction that generated a userspace exit\nfor I/O, don't recheck L1 intercepts as KVM has already finished that\nphase of instruction execution, i.e. has already committed to allowing L2\nto perform I/O.  If L1 (or host userspace) modifies the I/O permission\nbitmaps during the exit to userspace,  KVM will treat the access as being\nintercepted despite already having emulated the I/O access.\n\nPivot on EMULTYPE_NO_DECODE to detect that KVM is completing emulation.\nOf the three users of EMULTYPE_NO_DECODE, only complete_emulated_io() (the\nintended \"recipient\") can reach the code in question.  gp_interception()'s\nuse is mutually exclusive with is_guest_mode(), and\ncomplete_emulated_insn_gp() unconditionally pairs EMULTYPE_NO_DECODE with\nEMULTYPE_SKIP.\n\nThe bad behavior was detected by a syzkaller program that toggles port I/O\ninterception during the userspace I/O exit, ultimately resulting in a WARN\non vcpu->arch.pio.count being non-zero due to KVM no completing emulation\nof the I/O instruction.\n\n  WARNING: CPU: 23 PID: 1083 at arch/x86/kvm/x86.c:8039 emulator_pio_in_out+0x154/0x170 [kvm]\n  Modules linked in: kvm_intel kvm irqbypass\n  CPU: 23 UID: 1000 PID: 1083 Comm: repro Not tainted 6.16.0-rc5-c1610d2d66b1-next-vm #74 NONE\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n  RIP: 0010:emulator_pio_in_out+0x154/0x170 [kvm]\n  PKRU: 55555554\n  Call Trace:\n   \u003CTASK>\n   kvm_fast_pio+0xd6/0x1d0 [kvm]\n   vmx_handle_exit+0x149/0x610 [kvm_intel]\n   kvm_arch_vcpu_ioctl_run+0xda8/0x1ac0 [kvm]\n   kvm_vcpu_ioctl+0x244/0x8c0 [kvm]\n   __x64_sys_ioctl+0x8a/0xd0\n   do_syscall_64+0x5d/0xc60\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n   \u003C/TASK>",null,[],[],[],[],[15,17,19,21,23,25,27,29,31,33,35,37,39,41,43,45,47,49,51,53,55,57,59,61,63,65,67,69,71,73,75,77,79,81,83],{"_key":16},"DLA-4379-1",{"_key":18},"DSA-6053-1",{"_key":20},"OPENSUSE-SU-2026:10301-1",{"_key":22},"OPENSUSE-SU-2025:15702-1",{"_key":24},"MGASA-2025-0309",{"_key":26},"MGASA-2025-0310",{"_key":28},"USN-7906-3",{"_key":30},"USN-8033-1",{"_key":32},"USN-8033-2",{"_key":34},"USN-8033-3",{"_key":36},"USN-8033-4",{"_key":38},"USN-8033-5",{"_key":40},"USN-8033-6",{"_key":42},"USN-8033-7",{"_key":44},"USN-8033-8",{"_key":46},"USN-8034-1",{"_key":48},"USN-8034-2",{"_key":50},"DEBIAN-CVE-2025-40026",{"_key":52},"USN-8095-1",{"_key":54},"USN-8095-2",{"_key":56},"USN-8095-3",{"_key":58},"USN-8095-4",{"_key":60},"USN-8095-5",{"_key":62},"USN-8100-1",{"_key":64},"USN-8125-1",{"_key":66},"USN-8165-1",{"_key":68},"USN-8141-1",{"_key":70},"USN-8163-1",{"_key":72},"USN-8163-2",{"_key":74},"USN-8126-1",{"_key":76},"USN-8243-1",{"_key":78},"UBUNTU-CVE-2025-40026",{"_key":80},"USN-7906-1",{"_key":82},"USN-7906-2",{"_key":84},"USN-8261-1",[],[87,88,89,90],{"_key":20},{"_key":22},{"_key":24},{"_key":26},"2025-10-28T09:32:33.075Z","2026-05-11T21:41:03.028Z","Deferred",{"cisa_kev":95,"cisa_ransomware":95,"cisa_vendor":9,"epss_severity":96,"epss_score":97,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":93},false,"low",0.00105,[99,105,109,113,117,121,125,129,133],{"url":100,"sources":101,"tags":104},"https://git.kernel.org/stable/c/a908eca437789589dd4624da428614c1275064dc",[102,103],"cve.org","nvd",[],{"url":106,"sources":107,"tags":108},"https://git.kernel.org/stable/c/00338255bb1f422642fb2798ebe92e93b6e4209b",[102,103],[],{"url":110,"sources":111,"tags":112},"https://git.kernel.org/stable/c/e0ce3ed1048a47986d15aef1a98ebda25560d257",[102,103],[],{"url":114,"sources":115,"tags":116},"https://git.kernel.org/stable/c/ba35a5d775799ce5ad60230be97336f2fefd518e",[102,103],[],{"url":118,"sources":119,"tags":120},"https://git.kernel.org/stable/c/3d3abf3f7e8b1abb082070a343de82d7efc80523",[102,103],[],{"url":122,"sources":123,"tags":124},"https://git.kernel.org/stable/c/e7177c7e32cb806f348387b7f4faafd4a5b32054",[102,103],[],{"url":126,"sources":127,"tags":128},"https://git.kernel.org/stable/c/3a062a5c55adc5507600b9ae6d911e247e2f1d6e",[102,103],[],{"url":130,"sources":131,"tags":132},"https://git.kernel.org/stable/c/7366830642505683bbe905a2ba5d18d6e4b512b8",[102,103],[],{"url":134,"sources":135,"tags":136},"https://git.kernel.org/stable/c/e750f85391286a4c8100275516973324b621a269",[102,103],[],[],{"date":139,"score":97,"percentile":140},"2026-06-04",0.28034,[142,146,149,152,155,158,160,163,166,169,172,175,178,181,184,188,191,194,197,200,203,206,209,213,216,219,223,226,229,232,235,238,241,244,247,250,253,256,259,262,265,268,270,273,276,279,282,285,288,292,295,298,301,304,307,310,313,316,319,322,325,328,332,335,338,341,344,347,350,353,356,359,361,364,367,370,373,376,379,382,385,388,391,394,397,400,402,405,408,411],{"date":143,"score":144,"percentile":145},"2025-11-04",0.00041,0.12185,{"date":147,"score":144,"percentile":148},"2025-11-05",0.12214,{"date":150,"score":144,"percentile":151},"2025-11-06",0.12314,{"date":153,"score":144,"percentile":154},"2025-11-07",0.12331,{"date":156,"score":144,"percentile":157},"2025-11-08",0.12334,{"date":159,"score":144,"percentile":151},"2025-11-09",{"date":161,"score":144,"percentile":162},"2025-11-10",0.12262,{"date":164,"score":144,"percentile":165},"2025-11-11",0.12281,{"date":167,"score":144,"percentile":168},"2025-11-12",0.12276,{"date":170,"score":144,"percentile":171},"2025-11-13",0.12291,{"date":173,"score":144,"percentile":174},"2025-11-14",0.12308,{"date":176,"score":144,"percentile":177},"2025-11-15",0.12296,{"date":179,"score":144,"percentile":180},"2025-11-16",0.12286,{"date":182,"score":144,"percentile":183},"2025-11-17",0.12267,{"date":185,"score":186,"percentile":187},"2025-11-18",0.00042,0.08065,{"date":189,"score":186,"percentile":190},"2025-11-19",0.08078,{"date":192,"score":186,"percentile":193},"2025-11-20",0.08111,{"date":195,"score":144,"percentile":196},"2025-11-21",0.12294,{"date":198,"score":144,"percentile":199},"2025-11-22",0.12303,{"date":201,"score":144,"percentile":202},"2025-11-23",0.1229,{"date":204,"score":144,"percentile":205},"2025-11-24",0.12245,{"date":207,"score":144,"percentile":208},"2025-11-25",0.12252,{"date":210,"score":211,"percentile":212},"2025-11-26",0.00072,0.22091,{"date":214,"score":211,"percentile":215},"2025-11-27",0.22053,{"date":217,"score":211,"percentile":218},"2025-11-28",0.22032,{"date":220,"score":221,"percentile":222},"2025-11-29",0.00079,0.23631,{"date":224,"score":221,"percentile":225},"2025-11-30",0.23625,{"date":227,"score":221,"percentile":228},"2025-12-01",0.23661,{"date":230,"score":221,"percentile":231},"2025-12-02",0.23678,{"date":233,"score":221,"percentile":234},"2025-12-03",0.23693,{"date":236,"score":221,"percentile":237},"2025-12-04",0.23621,{"date":239,"score":221,"percentile":240},"2025-12-05",0.23668,{"date":242,"score":221,"percentile":243},"2025-12-06",0.23666,{"date":245,"score":221,"percentile":246},"2025-12-07",0.23629,{"date":248,"score":221,"percentile":249},"2025-12-08",0.23638,{"date":251,"score":221,"percentile":252},"2025-12-09",0.23697,{"date":254,"score":221,"percentile":255},"2025-12-10",0.23766,{"date":257,"score":221,"percentile":258},"2025-12-11",0.23801,{"date":260,"score":221,"percentile":261},"2025-12-12",0.23817,{"date":263,"score":221,"percentile":264},"2025-12-13",0.23819,{"date":266,"score":221,"percentile":267},"2025-12-14",0.23788,{"date":269,"score":221,"percentile":255},"2025-12-15",{"date":271,"score":221,"percentile":272},"2025-12-16",0.23787,{"date":274,"score":221,"percentile":275},"2025-12-17",0.23866,{"date":277,"score":221,"percentile":278},"2025-12-18",0.2389,{"date":280,"score":221,"percentile":281},"2025-12-19",0.2391,{"date":283,"score":221,"percentile":284},"2025-12-20",0.23879,{"date":286,"score":221,"percentile":287},"2025-12-21",0.2382,{"date":289,"score":290,"percentile":291},"2025-12-22",0.00065,0.20514,{"date":293,"score":290,"percentile":294},"2025-12-23",0.2051,{"date":296,"score":290,"percentile":297},"2025-12-24",0.20542,{"date":299,"score":290,"percentile":300},"2025-12-25",0.20625,{"date":302,"score":290,"percentile":303},"2025-12-26",0.20619,{"date":305,"score":290,"percentile":306},"2025-12-27",0.20617,{"date":308,"score":290,"percentile":309},"2025-12-28",0.20578,{"date":311,"score":290,"percentile":312},"2025-12-29",0.20535,{"date":314,"score":290,"percentile":315},"2025-12-30",0.20523,{"date":317,"score":290,"percentile":318},"2025-12-31",0.2058,{"date":320,"score":290,"percentile":321},"2026-01-01",0.20671,{"date":323,"score":290,"percentile":324},"2026-01-02",0.20675,{"date":326,"score":290,"percentile":327},"2026-01-03",0.20662,{"date":329,"score":330,"percentile":331},"2026-01-04",0.00068,0.21306,{"date":333,"score":330,"percentile":334},"2026-01-05",0.21297,{"date":336,"score":330,"percentile":337},"2026-01-06",0.2131,{"date":339,"score":330,"percentile":340},"2026-01-07",0.21345,{"date":342,"score":330,"percentile":343},"2026-01-08",0.21397,{"date":345,"score":330,"percentile":346},"2026-01-09",0.21392,{"date":348,"score":330,"percentile":349},"2026-01-10",0.21372,{"date":351,"score":330,"percentile":352},"2026-01-11",0.21342,{"date":354,"score":330,"percentile":355},"2026-01-12",0.21308,{"date":357,"score":330,"percentile":358},"2026-01-13",0.21284,{"date":360,"score":330,"percentile":340},"2026-01-14",{"date":362,"score":330,"percentile":363},"2026-01-15",0.2135,{"date":365,"score":330,"percentile":366},"2026-01-16",0.21379,{"date":368,"score":330,"percentile":369},"2026-01-17",0.21386,{"date":371,"score":330,"percentile":372},"2026-01-18",0.21333,{"date":374,"score":330,"percentile":375},"2026-01-19",0.21287,{"date":377,"score":330,"percentile":378},"2026-01-20",0.21265,{"date":380,"score":330,"percentile":381},"2026-01-21",0.21225,{"date":383,"score":330,"percentile":384},"2026-01-22",0.212,{"date":386,"score":330,"percentile":387},"2026-01-23",0.21291,{"date":389,"score":330,"percentile":390},"2026-01-24",0.21313,{"date":392,"score":330,"percentile":393},"2026-01-25",0.21234,{"date":395,"score":330,"percentile":396},"2026-01-26",0.21125,{"date":398,"score":330,"percentile":399},"2026-01-27",0.21119,{"date":401,"score":330,"percentile":399},"2026-01-28",{"date":403,"score":330,"percentile":404},"2026-01-29",0.21079,{"date":406,"score":330,"percentile":407},"2026-01-30",0.21082,{"date":409,"score":330,"percentile":410},"2026-01-31",0.21087,{"date":412,"score":330,"percentile":413},"2026-02-01",0.21128,[],[416],{"ecosystem":9,"name":417,"vendor":418,"product":418,"cpe_part":419,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":420},"Linux","linux","a",[421,428,431,434,437,440,443,446,449,452],{"version":422,"is_range":423,"range_type":102,"version_start":424,"version_start_type":425,"version_end":426,"version_end_type":427,"fixed_in":9},">= 8a76d7f25f8f24fc5a328c8e15e4a7313cf141b9, \u003C a908eca437789589dd4624da428614c1275064dc",true,"8a76d7f25f8f24fc5a328c8e15e4a7313cf141b9","including","a908eca437789589dd4624da428614c1275064dc","excluding",{"version":429,"is_range":423,"range_type":102,"version_start":424,"version_start_type":425,"version_end":430,"version_end_type":427,"fixed_in":9},">= 8a76d7f25f8f24fc5a328c8e15e4a7313cf141b9, \u003C 00338255bb1f422642fb2798ebe92e93b6e4209b","00338255bb1f422642fb2798ebe92e93b6e4209b",{"version":432,"is_range":423,"range_type":102,"version_start":424,"version_start_type":425,"version_end":433,"version_end_type":427,"fixed_in":9},">= 8a76d7f25f8f24fc5a328c8e15e4a7313cf141b9, \u003C e0ce3ed1048a47986d15aef1a98ebda25560d257","e0ce3ed1048a47986d15aef1a98ebda25560d257",{"version":435,"is_range":423,"range_type":102,"version_start":424,"version_start_type":425,"version_end":436,"version_end_type":427,"fixed_in":9},">= 8a76d7f25f8f24fc5a328c8e15e4a7313cf141b9, \u003C ba35a5d775799ce5ad60230be97336f2fefd518e","ba35a5d775799ce5ad60230be97336f2fefd518e",{"version":438,"is_range":423,"range_type":102,"version_start":424,"version_start_type":425,"version_end":439,"version_end_type":427,"fixed_in":9},">= 8a76d7f25f8f24fc5a328c8e15e4a7313cf141b9, \u003C 3d3abf3f7e8b1abb082070a343de82d7efc80523","3d3abf3f7e8b1abb082070a343de82d7efc80523",{"version":441,"is_range":423,"range_type":102,"version_start":424,"version_start_type":425,"version_end":442,"version_end_type":427,"fixed_in":9},">= 8a76d7f25f8f24fc5a328c8e15e4a7313cf141b9, \u003C e7177c7e32cb806f348387b7f4faafd4a5b32054","e7177c7e32cb806f348387b7f4faafd4a5b32054",{"version":444,"is_range":423,"range_type":102,"version_start":424,"version_start_type":425,"version_end":445,"version_end_type":427,"fixed_in":9},">= 8a76d7f25f8f24fc5a328c8e15e4a7313cf141b9, \u003C 3a062a5c55adc5507600b9ae6d911e247e2f1d6e","3a062a5c55adc5507600b9ae6d911e247e2f1d6e",{"version":447,"is_range":423,"range_type":102,"version_start":424,"version_start_type":425,"version_end":448,"version_end_type":427,"fixed_in":9},">= 8a76d7f25f8f24fc5a328c8e15e4a7313cf141b9, \u003C 7366830642505683bbe905a2ba5d18d6e4b512b8","7366830642505683bbe905a2ba5d18d6e4b512b8",{"version":450,"is_range":423,"range_type":102,"version_start":424,"version_start_type":425,"version_end":451,"version_end_type":427,"fixed_in":9},">= 8a76d7f25f8f24fc5a328c8e15e4a7313cf141b9, \u003C e750f85391286a4c8100275516973324b621a269","e750f85391286a4c8100275516973324b621a269",{"version":453,"is_range":95,"range_type":102,"version_start":453,"version_start_type":425,"version_end":453,"version_end_type":425,"fixed_in":9},"3.0"]