Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's KVM (Kernel-based Virtual Machine) module for arm64 architecture has been addressed. The issue arose when the function kvm_arch_vcpu_create() failed to share the vCPU page with the hypervisor. This failure was not properly managed, leaving the virtual Generic Interrupt Controller (vGIC) vCPU data initialized. As a result, the vulnerability not only caused a memory leak when the vCPU was destroyed but also created a use-after-free condition if the redistributor device handling attempted to access the vCPU. The vulnerability has been resolved by adding the necessary cleanup to the vCPU creation process, ensuring that the vGIC vCPU structures are properly destroyed in case of an error.
The vulnerability could lead to a memory leak and a use-after-free condition, potentially allowing for arbitrary code execution or memory corruption.
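The error path described above can be modelled in user space. The following is an added example, not the kernel's code or the actual patch: every identifier in it is hypothetical, a counter stands in for the allocated vGIC state, and a small table stands in for the redistributor device's references to vCPUs.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
/* User-space model of the error path; all names are hypothetical, not kernel code. */
#define MAX_VCPUS 4
struct vcpu { int id; };
/* Stand-in for the redistributor device's references to vCPUs. */
static struct { int live; struct vcpu *vcpu; } rdist[MAX_VCPUS];
static int vgic_allocs;   /* counter standing in for allocated vGIC per-vCPU state */

static int rdist_refs(void) {
    int n = 0;
    for (int i = 0; i < MAX_VCPUS; i++) n += rdist[i].live;
    return n;
}

static void vgic_vcpu_init(struct vcpu *v) {
    vgic_allocs++;
    rdist[v->id].vcpu = v;   /* redistributor handling can now reach the vCPU */
    rdist[v->id].live = 1;
}

static void vgic_vcpu_destroy(struct vcpu *v) {
    rdist[v->id].live = 0;   /* unhook before the vCPU memory is released */
    rdist[v->id].vcpu = NULL;
    vgic_allocs--;
}

/* Stand-in for sharing the vCPU page with the hypervisor; always fails in this model. */
static int share_vcpu_page(struct vcpu *v) { (void)v; return -EPERM; }

/* fixed = 0 models the missing cleanup, fixed = 1 the corrected error path. */
static int vcpu_create(int id, int fixed) {
    struct vcpu *v = calloc(1, sizeof(*v));
    if (!v) return -ENOMEM;
    v->id = id;
    vgic_vcpu_init(v);
    int err = share_vcpu_page(v);
    if (err && fixed) vgic_vcpu_destroy(v);
    free(v);                 /* creation failed, so the vCPU is released */
    return err;
}

int main(void) {
    for (int fixed = 1; fixed >= 0; fixed--) {
        int err = vcpu_create(fixed, fixed);
        printf("fixed=%d err=%d stale_refs=%d leaked=%d\n", fixed, err, rdist_refs(), vgic_allocs);
    }
    return 0;
}
```

With fixed = 0 the table still holds a reference to the freed vCPU and the counter stays at 1, which correspond to the use-after-free and the leak in the description; the model never dereferences the stale entry.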