{"id":"AZL-69412","summary":"CVE-2025-40102 affecting package kernel 6.6.126.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Prevent access to vCPU events before init\n\nAnother day, another syzkaller bug. KVM erroneously allows userspace to\npend vCPU events for a vCPU that hasn't been initialized yet, leading to\nKVM interpreting a bunch of uninitialized garbage for routing /\ninjecting the exception.\n\nIn one case the injection code and the hyp disagree on whether the vCPU\nhas a 32bit EL1 and put the vCPU into an illegal mode for AArch64,\ntripping the BUG() in exception_target_el() during the next injection:\n\n  kernel BUG at arch/arm64/kvm/inject_fault.c:40!\n  Internal error: Oops - BUG: 00000000f2000800 [#1]  SMP\n  CPU: 3 UID: 0 PID: 318 Comm: repro Not tainted 6.17.0-rc4-00104-g10fd0285305d #6 PREEMPT\n  Hardware name: linux,dummy-virt (DT)\n  pstate: 21402009 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n  pc : exception_target_el+0x88/0x8c\n  lr : pend_serror_exception+0x18/0x13c\n  sp : ffff800082f03a10\n  x29: ffff800082f03a10 x28: ffff0000cb132280 x27: 0000000000000000\n  x26: 0000000000000000 x25: ffff0000c2a99c20 x24: 0000000000000000\n  x23: 0000000000008000 x22: 0000000000000002 x21: 0000000000000004\n  x20: 0000000000008000 x19: ffff0000c2a99c20 x18: 0000000000000000\n  x17: 0000000000000000 x16: 0000000000000000 x15: 00000000200000c0\n  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n  x8 : ffff800082f03af8 x7 : 0000000000000000 x6 : 0000000000000000\n  x5 : ffff800080f621f0 x4 : 0000000000000000 x3 : 0000000000000000\n  x2 : 000000000040009b x1 : 0000000000000003 x0 : ffff0000c2a99c20\n  Call trace:\n   exception_target_el+0x88/0x8c (P)\n   kvm_inject_serror_esr+0x40/0x3b4\n   __kvm_arm_vcpu_set_events+0xf0/0x100\n   kvm_arch_vcpu_ioctl+0x180/0x9d4\n   kvm_vcpu_ioctl+0x60c/0x9f4\n   __arm64_sys_ioctl+0xac/0x104\n   invoke_syscall+0x48/0x110\n   el0_svc_common.constprop.0+0x40/0xe0\n   do_el0_svc+0x1c/0x28\n   el0_svc+0x34/0xf0\n   el0t_64_sync_handler+0xa0/0xe4\n   el0t_64_sync+0x198/0x19c\n  Code: f946bc01 b4fffe61 9101e020 17fffff2 (d4210000)\n\nReject the ioctls outright as no sane VMM would call these before\nKVM_ARM_VCPU_INIT anyway. Even if it did the exception would've been\nthrown away by the eventual reset of the vCPU's state.","modified":"2026-04-01T05:21:33.300160Z","published":"2025-10-30T10:15:34Z","upstream":["CVE-2025-40102"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40102"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"6.6.126.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-69412.json"}}],"schema_version":"1.7.5"}