U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2025-37885 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reset IRTE to host control if *new* route isn't postable Restore an IRTE back to host control (remapped or posted MSI mode) if the *new* GSI route prevents posting the IRQ directly to a vCPU, regardless of the GSI routing type. Updating the IRTE if and only if the new GSI is an MSI results in KVM leaving an IRTE posting to a vCPU. The dangling IRTE can result in interrupts being incorrectly delivered to the guest, and in the worst case scenario can result in use-after-free, e.g. if the VM is torn down, but the underlying host IRQ isn't freed.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/023816bd5fa46fab94d1e7917fe131b79ed1fb41 kernel.org Patch 
https://git.kernel.org/stable/c/116c7d35b8f72eac383b9fd371d7c1a8ffc2968b kernel.org Patch 
https://git.kernel.org/stable/c/3066ec21d1a33896125747f68638725f456308db kernel.org Patch 
https://git.kernel.org/stable/c/3481fd96d801715942b6f69fe251133128156f30 kernel.org Patch 
https://git.kernel.org/stable/c/9bcac97dc42d2f4da8229d18feb0fe2b1ce523a2 kernel.org Patch 
https://git.kernel.org/stable/c/b5de7ac74f69603ad803c524b840bffd36368fc3 kernel.org Patch 
https://git.kernel.org/stable/c/e5f2dee9f7fcd2ff4b97869f3c66a0d89c167769 kernel.org Patch 
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html CVE Mailing List  Third Party Advisory 
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html CVE Mailing List  Third Party Advisory 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-416 Use After Free cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

3 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2025-37885
NVD Published Date:
05/09/2025
NVD Last Modified:
11/12/2025
Source:
kernel.org