CVE-2025-40160

Linux Kernel - Denial of Service via VIRQ Binding Error Handling

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: xen/events: Return -EEXIST for bound VIRQs Change find_virq() to return -EEXIST when a VIRQ is bound to a different CPU than the one passed in. With that, remove the BUG_ON() from bind_virq_to_irq() to propogate the error upwards. Some VIRQs are per-cpu, but others are per-domain or global. Those must be bound to CPU0 and can then migrate elsewhere. The lookup for per-domain and global will probably fail when migrated off CPU 0, especially when the current CPU is tracked. This now returns -EEXIST instead of BUG_ON(). A second call to bind a per-domain or global VIRQ is not expected, but make it non-fatal to avoid trying to look up the irq, since we don't know which per_cpu(virq_to_irq) it will be in.

Scores

EPSS 0.0018
EPSS Percentile 7.9%

Details

Status published
Products (14)
linux/Kernel < 6.6.113linux
linux/Kernel 3.2.0 - 6.6.113linux
linux/Kernel 6.13.0 - 6.17.4linux
linux/Kernel 6.7.0 - 6.12.54linux
Linux/Linux < 3.2
Linux/Linux 3.2
Linux/Linux 6.12.54 - 6.12.*
Linux/Linux 6.17.4 - 6.17.*
Linux/Linux 6.18
Linux/Linux 6.6.113 - 6.6.*
... and 4 more
Published Nov 12, 2025
Tracked Since Feb 18, 2026