CVE-2025-37819
Published: May 8, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() With ACPI in place, gicv2m_get_fwnode() is registered with the pci subsystem as pci_msi_get_fwnode_cb(), which may get invoked at runtime during a PCI host bridge probe. But, the call back is wrongly marked as __init, causing it to be freed, while being registered with the PCI subsystem and could trigger: Unable to handle kernel paging request at virtual address ffff8000816c0400 gicv2m_get_fwnode+0x0/0x58 (P) pci_set_bus_msi_domain+0x74/0x88 pci_register_host_bridge+0x194/0x548 This is easily reproducible on a Juno board with ACPI boot. Retain the function for later use.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 0644b3daca28dcb320373ae20069c269c9386304 - < 0c241dedc43a036599757cd08f356253fa3e5014affected 0644b3daca28dcb320373ae20069c269c9386304 - < b63de43af8d215b0499eac28b2caa4439183efc1affected 0644b3daca28dcb320373ae20069c269c9386304 - < f95659affee301464f0d058d528d96b35b452da8affected 0644b3daca28dcb320373ae20069c269c9386304 - < dc0d654eb4179b06d3206e4396d072108b9ba082affected 0644b3daca28dcb320373ae20069c269c9386304 - < 2f2803e4b5e4df2b08d378deaab78b1681ef9b30+3 more versions |
Linux | Linux | affected 4.5unaffected 0 - < 4.5unaffected 5.4.294 - <= 5.4.*unaffected 5.10.238 - <= 5.10.*unaffected 5.15.182 - <= 5.15.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now