CVE-2025-37819 – “Linux Kernel GICv2m Use After Free Vulnerability in irqchip”

May 8, 2025

CVE ID : CVE-2025-37819

Published : May 8, 2025, 7:15 a.m. | 58 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()

With ACPI in place, gicv2m_get_fwnode() is registered with the pci
subsystem as pci_msi_get_fwnode_cb(), which may get invoked at runtime
during a PCI host bridge probe. But, the call back is wrongly marked as
__init, causing it to be freed, while being registered with the PCI
subsystem and could trigger:

Unable to handle kernel paging request at virtual address ffff8000816c0400
gicv2m_get_fwnode+0x0/0x58 (P)
pci_set_bus_msi_domain+0x74/0x88
pci_register_host_bridge+0x194/0x548

This is easily reproducible on a Juno board with ACPI boot.

Retain the function for later use.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-37823 – Linux Kernel Net-Sched HFSC Use-After-Free Vulnerability

Next Article CVE-2025-37827 – Here is a title for the vulnerability: “btrfs: RAID1 Profile Write Pointer Offset Mismatch NULL Pointer Dereference”

Highlights

CVE-2025-38085 – Linux Kernel: Huge Page Table Unshare Race Condition Vulnerability

June 28, 2025

CVE ID : CVE-2025-38085

Published : June 28, 2025, 8:15 a.m. | 3 hours, 1 minute ago

Description : In the Linux kernel, the following vulnerability has been resolved:

mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race

huge_pmd_unshare() drops a reference on a page table that may have
previously been shared across processes, potentially turning it into a
normal page table used in another process in which unrelated VMAs can
afterwards be installed.

If this happens in the middle of a concurrent gup_fast(), gup_fast() could
end up walking the page tables of another process. While I don’t see any
way in which that immediately leads to kernel memory corruption, it is
really weird and unexpected.

Fix it with an explicit broadcast IPI through tlb_remove_table_sync_one(),
just like we do in khugepaged when removing page tables for a THP
collapse.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

From Data To Decisions: UX Strategies For Real-Time Dashboards

Honeycomb launches AI observability suite for developers

Low-Code vs No-Code Platforms for Node.js: What CTOs Must Know Before Investing

ServiceNow unveils Zurich AI platform

DistroWatch Weekly, Issue 1139

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Optimizely Mission Control – Part III

Optimizely Mission Control – Part III

Learning from PHP Log to File Example

Online EMI Calculator using PHP – Calculate Loan EMI, Interest, and Amortization Schedule

DistroWatch Weekly, Issue 1139

DistroWatch Weekly, Issue 1139

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

Dmitry — The Deep Magic

CVE-2025-37819 – “Linux Kernel GICv2m Use After Free Vulnerability in irqchip”

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Distribution Release: Wifislax 4.0

CVE-2022-50223 – LoongArch Linux Kernel CPUInfo Information Disclosure Vulnerability

Negative Emotions in UX Design

‘Final Fantasy Tactics’ highlights the lack of organic growth for Xbox Play Anywhere and the Xbox PC store

CVE-2025-38085 – Linux Kernel: Huge Page Table Unshare Race Condition Vulnerability

Hands on: Windows 11 has a hidden native clipboard sync for Android, also works with Gboard

Next.js PWA offline capability with Service Worker, no extra package

Affect Models Have Weak Generalizability to Atypical Speech

CVE-2025-37819 – “Linux Kernel GICv2m Use After Free Vulnerability in irqchip”

Related Posts